locked
Session["username"] VS System.Web.Httpcontext.Current.User.Identity.Name RRS feed

  • Question

  • User1239008133 posted

    I have always used Session variables in my 'older' vb/asp applications.


    2 questions:


    [1]What is the SCOPE of a Session Variable (example: within mydomain.com I set the Session["username"] variable in a .net file and then do a response.redirect to another .aspx file within the same domain.com web server and the Session["username"] object is NOT RECOGNIZED?


    [2]Which is better and why:

    Session["username"]

    or

    System.Web.Httpcontext.Current.User.Identity.Name


    thanks...

    Thursday, August 27, 2009 9:29 AM

Answers

  • User2130758966 posted

    [2]Which is better and why:

    Session["username"]

    or

    System.Web.Httpcontext.Current.User.Identity.Name

    System.Web.Httpcontext.Current.User.Identity.Name;

    because its always populated by the currently logged in users username and you dont have to mess about saving to the session.


    You can also check if the current user is logged in by doing

    if(HttpContext.Current.User.Identity.IsAuthenticated)
    {
      // authed
    }


    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, August 27, 2009 9:34 AM
  • User2019981500 posted

    Hello Great Man,


    About Identity

    You'll only be able to retrieve the identity of the person accessing the web app, if that person is logged in on the server. If the IIS authentication is turned off, then no authentication will be required, and therefore, no identity will be provided to the web app. The web app will have to know who you are, before it can say your name.

    Session[""]

    As you have mentioned that you are using sessions from older version,so you might be knowing that session variable has default scope of 20 minutes by default ,which we set on IIS server,we can change it according to need
    so your session variable will be available for just 20 minutes ,so this session variable can be used to hold data for long time,i mean as long as your session is alive as per iss server setting.

    may be tomm you will come accross below type of declaration
    HttpContext.Current.Session["USER"]

    it is nothing more than

    Session["USER"]

    Regards
    shabir hakim

     

     

     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, August 27, 2009 9:48 AM
  • User-1675817941 posted

    hi,

    [1] session scrope is is with the application. if you want send the data to another domain/another application use query string.

    [2] System.Web.Httpcontext.Current.User.Identity.Name will take from system. if another use loges in your application same data will be shown.  if you are passing data to session it will changes as per user logs in your application. 

    i hope am clear

    Thanks :)



    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, August 27, 2009 2:42 PM

All replies

  • User2130758966 posted

    [2]Which is better and why:

    Session["username"]

    or

    System.Web.Httpcontext.Current.User.Identity.Name

    System.Web.Httpcontext.Current.User.Identity.Name;

    because its always populated by the currently logged in users username and you dont have to mess about saving to the session.


    You can also check if the current user is logged in by doing

    if(HttpContext.Current.User.Identity.IsAuthenticated)
    {
      // authed
    }


    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, August 27, 2009 9:34 AM
  • User-68639941 posted

     

    Session variable will be expired based on SessionTimeOut property value setting of the website configuration file

    default value is 10  minutes

     

    this

    System.Web.Httpcontext.Current.User.Identity.Name -- can be used window login name when windows authentication enabled
     
    Session["username"] -- can be used to refer the session variable username
    



     

    Thursday, August 27, 2009 9:42 AM
  • User2019981500 posted

    Hello Great Man,


    About Identity

    You'll only be able to retrieve the identity of the person accessing the web app, if that person is logged in on the server. If the IIS authentication is turned off, then no authentication will be required, and therefore, no identity will be provided to the web app. The web app will have to know who you are, before it can say your name.

    Session[""]

    As you have mentioned that you are using sessions from older version,so you might be knowing that session variable has default scope of 20 minutes by default ,which we set on IIS server,we can change it according to need
    so your session variable will be available for just 20 minutes ,so this session variable can be used to hold data for long time,i mean as long as your session is alive as per iss server setting.

    may be tomm you will come accross below type of declaration
    HttpContext.Current.Session["USER"]

    it is nothing more than

    Session["USER"]

    Regards
    shabir hakim

     

     

     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, August 27, 2009 9:48 AM
  • User-1675817941 posted

    hi,

    [1] session scrope is is with the application. if you want send the data to another domain/another application use query string.

    [2] System.Web.Httpcontext.Current.User.Identity.Name will take from system. if another use loges in your application same data will be shown.  if you are passing data to session it will changes as per user logs in your application. 

    i hope am clear

    Thanks :)



    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, August 27, 2009 2:42 PM
  • User1239008133 posted

    All useful responses... thanks to ALL!

    Thursday, September 10, 2009 11:53 AM
  • User1562780145 posted

    Session scope can be extnded to mutiple applications.

    Out of the box SQL session state can handle storing session from multiple web applications and it prevents session from being shared. The various session state items are stored in a single table 'ASPStateTempSessions' using a SessionId as a primary key. The SessionId is actually the string representation of the SessionId used to identify the user's session plus the ApplicationId. The ApplicationId is created when the session state provider calls the 'TempGetAppID' stored procedure. This proc either creates the id by hashing the application name or returns the id stored for the name in the ASPStateTempApplications table. For each web application that is using a database for session state you will have a row in ASPStateTempApplications that represents that application.

    So  ‘TempGetAppID’ stored procedure can be modified to always return the same Application ID and a new application name say 'Global Session State Application' can be used. Now any ASP.NET 2.0 web application that you point to this state database will be able to share session.

    Thursday, September 10, 2009 8:09 PM