What is the best state variable to deal with in global.ascx?

Question

For some reasons, I'm overriding the authentication functionality and deal with it by my own DB tables.

The only problem I've got so far that I'm using the Session to store some data and it's null in some times when I use it in Global.ascx.

I've read some questions on SO like this and this, and actually I'm not gonna investigate in the potential reasons right now so I'm asking:

Is Session is the best cache state for my case? or I have to use something else like cookies?

Note: The stored data is the privileges for the user and some other data related to the user.

Answer 1

I would agree with John Saunders, have you considered using a Custom Membership Provider instead?

Implementing a Membership Provider

Inherit and implement/override as needed? To confirm with this you would still need to use Session or similar, but if you want the data to persist between sessions then use cookies. That said storing information like privileges/user permissions on the client sad can be an issue from a security point of view unless you are encrypting it somehow.

Answer 2

From the moment you have your own DB tables for the authentication, its easy for you to make one more table for the session data and connect ether the authenticated user with that table, ether an anonymous user with.

What I say, is that you can give a unique cookie to every user of you, and then connect this cookie with his data on the new session table data, and from there you get your needed data.

The key points here is that you must clear the session table data every minute, the same way MS do when you use session data on database. Clear, I mean to delete the time out sessions.

And second to be sure that every user gets a unique encoded cookie.

In my application I use 2 diferent table for similar reason. One table for remember some options per user per computer, and one for some extra session data.