Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a login system that I have to code. But what I don’t understand is do I have to store cookies on client machine even if there is no Remember me? Wouldn’t it be just better and “secure” if I store all required information in Session itself and use that to check in my BasePage to see if the user is authenticated or not?
If the remember me functionality was to be built then it would have required cookies, right? Please throw some light on this.
Yes you will, or you will have to carry something on the querystring of every single link you create. Programming for the web is completely stateless. You really have no idea what user is requesting what page, or is logged in, unless you give the client (browser) something to send back to the server every time.
If all you get for a request is “www.example.com/page.aspx”, then you have no idea if that was me, my brother, my cat, some other random person. In order to know that it is ME that requested that page (and is therefore authorized to use it) you have to use a session cookie or pass a value on the querystring.