Home/ Questions/Q 7163251
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T13:52:18+00:00

I am trying to make an ASP.NET MVC 3 app in which I have

  • 0

I am trying to make an ASP.NET MVC 3 app in which I have my own authentication system. I have followed some bits written on this site which I found in another SO post.

About half-way down the page the author writes a short session manager to persist user login information. I obviously want to do this as well, but the author hints that this is not a good way of doing things and that there are other, better, ways of doing this.

That’s all well and good, but what are those better ways of going about persisting log in information?

For now I persist user name, user ID and log in status to the session, because I need to pull out user-specific info every so often and the user name is handy to have quick access to rather than having to re-query the database on every page.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It depends about your needs.

    Session:

    • saved on server so consume server resources
    • most secure (no one can modify session data)
    • lost when user close browser

    Cookie:

    • saved on client browser (doesn’t consume server resources)
    • is less secure because it’s accessible on the client pc and on the network (so is a good idea to encrypt cookies, specially login informations cookies)
    • you can persist it through different session

    Generally speaking when you have a problem like “rather than having to requery the database on every page” ask yourself if you can use ASP.Net Caching

    • 0