Reputation: 41
We use .net framework 3.5 and C#.
We have a site that requires the user to log in. So we use a database to check if the login / password is correct.
Then we make a call to FormsAuthentication.SetAuthCookie(), so the user will be logged in to my app.
And on all subsequent pages, we check with User.Identity.IsAuthenticated() if the user is logged in.
We want to preserve this session, even when the user closes the browser.
What is the best way to do this?
We also have a problem with lost sessions: suddenly the user loses his authenticated status. I think that with that kind of new persistence we can also solve that problem.
(Sorry for my English... Portuguese speaker)
Upvotes: 4
Views: 7651
Reputation: 26874
I would suggest a cleaner approach to store session information. Surely Shay's approach for persisting the authentication cookie is correct, but storing sessionState in process for a long time has severe drawbacks when scaling the application to multiple concurrent users.
First, to clarify, session state means literally anything that you can access via Session[] collection.
A better technique, that I have seen successfully used* by a large bank, is to store persistent-session related information inside the database.
Basically you need
primary
and foreign
keyed to the user ID, with a) as many columns as the variables you need to store or b) one single BLOB column containing the serialized value of the class PersistentSession
class Session_Start
or better Application_PostAuthenticateRequest
method and save it in Session
object Session
to DB in Global.asax Session_End
method
If you chose approach B just serialize/deserialize the object and you got it!
*The real way the SAVESESSION was used by those guys is quite different
Upvotes: 1
Reputation: 353
You shouldn't mix terms, remember that you have both authentication cookie and session state in asp.net.
You appear to be looking for a persistent auth cookie. To have a persistent auth cookie, try
FormsAuthentication.SetAuthCookie("xxx",true);
http://msdn.microsoft.com/en-us/library/twk5762b(v=vs.90).aspx
Passing true will allow the authentication cookie to survive browser restarts. Also, you should consider your timeout values for forms authentication and session in your web.config:
<authentication mode="Forms">
  <!-- The name, protection, and path attributes must match
       exactly in each Web.config file. -->
  <forms loginUrl="Default.aspx" name=".ASPXFORMSAUTH" protection="All" path="/" timeout="360"/>
</authentication>
<sessionState mode="InProc" timeout="360" />
Upvotes: 6
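An added example, not code from either answer: issuing the persistent authentication cookie by hand, which gives the same effect as SetAuthCookie(name, true) but with an explicit ticket lifetime and cookie flags. The names PersistentLogin and SignIn and the 14-day lifetime are assumptions for illustration; the 360-minute value mirrors the web.config above.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example (hypothetical helper). Call SignIn only after the
// login/password check against the database has succeeded.
public static class PersistentLogin
{
    // Assumption: "remember me" logins last 14 days. A stolen persistent
    // cookie stays valid this long, so keep the value as short as is tolerable.
    private static readonly TimeSpan PersistentLifetime = TimeSpan.FromDays(14);

    // Matches timeout="360" on the <forms> element shown in the answer.
    private static readonly TimeSpan SessionLifetime = TimeSpan.FromMinutes(360);

    public static void SignIn(HttpResponse response, string userName, bool rememberMe)
    {
        if (response == null) throw new ArgumentNullException("response");
        if (string.IsNullOrEmpty(userName))
            throw new ArgumentException("userName is required", "userName");

        DateTime now = DateTime.Now;
        DateTime expires = now.Add(rememberMe ? PersistentLifetime : SessionLifetime);

        // The ticket carries its own expiry; the server enforces it even if
        // the browser keeps the cookie longer than intended.
        var ticket = new FormsAuthenticationTicket(
            1, userName, now, expires, rememberMe,
            string.Empty, FormsAuthentication.FormsCookiePath);

        // Encrypted and integrity-protected per protection="All", using the
        // machineKey configured for the application.
        string encrypted = FormsAuthentication.Encrypt(ticket);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                          // not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL;  // set requireSSL="true" on <forms> for HTTPS sites

        // Without Expires the browser treats this as a session cookie and
        // discards it on close; with Expires it survives a browser restart.
        if (rememberMe) cookie.Expires = expires;

        response.Cookies.Add(cookie);
    }
}
```

The authentication ticket and Session[] are independent: a persistent ticket keeps User.Identity.IsAuthenticated true after a restart, but InProc session data is still lost whenever the worker process recycles.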