I am developing an ASP.NET MVC 3 Application that is essentially a proxy to a database. To login, users must provide their database user and name. (I know it isn’t a good idea to use database users as application users, but I didn’t design the database, so don’t blame me.)
When my users log in, I would like to store in a session variable their username and password:
Session["UserID"] = TheConnectionStringBuilder.UserID;
Session["Password"] = TheConnectionStringBuilder.Password;
However, session state is not intrinsically tied to the authentication cookie, and this could cause problems later. Is there any way to keep session state data in such a way that it remains tied to the authentication cookie?
One way could be to match the session state time-out with the authentication time-out using configuration. For example,
Yet another way would be to store the credentials in some persistent store (such as a file) tagged with some generated key and then keep this key in the authentication cookie. However, I feel this is a roundabout way of doing things and I would rather go with the session approach.
If for some reason you don’t find the user id/password in the session (for example, after an application pool recycle), you can force the user to log in again (by using FormsAuthentication.SignOut followed by RedirectToLoginPage).
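
The check described in the last paragraph, written as an ASP.NET MVC authorization filter (an added example, not code from the question or the answer). The filter name is hypothetical, and it assumes the login action passes the same user name to `FormsAuthentication.SetAuthCookie` that it stores in `Session["UserID"]`; the mismatch test goes one step beyond the answer's missing-session case.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical filter: rejects requests whose session credentials are missing
// or belong to a different user than the forms-authentication ticket.
//
// Even with equal time-outs in web.config (constructed values):
//   <forms loginUrl="~/Account/LogOn" timeout="20" />
//   <sessionState timeout="20" />
// the two cookies expire independently: a sliding forms ticket is renewed only
// after half its time-out has elapsed, while session state resets on every
// request, and an application pool recycle empties in-process session state.
public sealed class RequireSessionCredentialsAttribute : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        HttpContextBase ctx = filterContext.HttpContext;

        // Anonymous requests are left to [Authorize] and the forms-auth module.
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated)
            return;

        HttpSessionStateBase session = ctx.Session;
        string sessionUser = session == null ? null : session["UserID"] as string;
        string sessionPassword = session == null ? null : session["Password"] as string;

        bool missing = string.IsNullOrEmpty(sessionUser) || sessionPassword == null;

        // Assumption: login stored the same string in the ticket and in the session.
        bool mismatch = !missing &&
            !string.Equals(sessionUser, ctx.User.Identity.Name, StringComparison.Ordinal);

        if (!missing && !mismatch)
            return;

        // Drop whatever is left of the session, remove the authentication
        // cookie, and send the user back to the login page. Setting Result is
        // the MVC counterpart of calling FormsAuthentication.RedirectToLoginPage().
        if (session != null)
            session.Abandon();
        FormsAuthentication.SignOut();
        filterContext.Result = new RedirectResult(FormsAuthentication.LoginUrl);
    }
}
```

Apply the attribute to the controllers that read the stored credentials, or register it as a global filter, so that no action runs with an authenticated ticket but an empty or foreign session.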