I’m just looking for “best practice” reassurance on working with jQuery and ASP.Net, before working on my new project. I’ll take a simple example.
- A user logs on to my website, using forms authentication
- Their userID is stored in the Session(“userID”) variable
- When logged in, their screen shows a list of cars available
- The user wants to re-order them into preference order, which is then posted back to an aspx web page from jQuery
What is the best way of uniquely identifiying the user, so that only their preference order is updated?
Should I use the Session(“userID”) on the server side, to ensure it’s only that users data that is updated?
Or when creating the page, should I “send” the unique userID to the browser, and store in a label on the screen, and then post that back to the aspx webpage, when the update is made? Or is that a huge security hole – in so much as if I post a uniqueID to the browser, the user could change it before posting the data back by jQuery, thereby updating another users information?
Thanks for any guidance,
Mark
why not use integrated security?
You can set up users and passwords (authentication), create roles (groups of users), and create permissions (rules for controlling access to parts of your application). – Sir Microsoft
Because Sessions Timeout, i think that would be a great choice. Why leave a person logged on forever?