locked
Why do most developers use session to fetch userid? RRS feed

  • Question

  • User-2074858223 posted
    Why do most developers use session to fetch userid?, what are the disadvantage
    Saturday, January 9, 2016 3:11 PM

Answers

  • User-821857111 posted

    In classic ASP, session was the main means to manage authentication. ASP.NET introduced new more convenient APIs for managing authentication - the MembershipProvider. A lot of developers continued to use session despite that. 

    Default session relies on memory as a store. If the application is restarted for any reason (e.g. app pool recycling, changes to the web config, redeployment), sessions are cleared so users have to log in again.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, January 9, 2016 7:59 PM
  • User-821857111 posted

    FormsAuthentication: https://msdn.microsoft.com/en-us/librAry/xdt4thhy(v=vs.100).aspx

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, January 11, 2016 10:16 AM

All replies

  • User-821857111 posted

    In classic ASP, session was the main means to manage authentication. ASP.NET introduced new more convenient APIs for managing authentication - the MembershipProvider. A lot of developers continued to use session despite that. 

    Default session relies on memory as a store. If the application is restarted for any reason (e.g. app pool recycling, changes to the web config, redeployment), sessions are cleared so users have to log in again.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, January 9, 2016 7:59 PM
  • User-2074858223 posted
    You said ASP.NET introduced new more convenient APIs, Please can I know them, and which one is best option?
    Monday, January 11, 2016 10:01 AM
  • User-821857111 posted

    FormsAuthentication: https://msdn.microsoft.com/en-us/librAry/xdt4thhy(v=vs.100).aspx

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, January 11, 2016 10:16 AM
  • User753101303 posted

    Hi,

    Try HttpContext.Current.User.Identity.Name which should return the authenticated user account name regardless of which authentication method is used. Also if using your own custom code to handle authentication, try to use instead what ASP.NET provides out of the box.

    Knowing which .NET version and which authentication method you are using would help to guide you if you need further help.

    Session can still be used but preferably for small, frequently needed information that are costly to fetch (so here you already have the information without "caching" it into the session). Also it is best to not access session information directly but to use that as a storage backend "cache" so that if the session ends, the missing information will be just restored to a new session rather than causing an exception because it is not found any more.

    Monday, January 11, 2016 10:23 AM
  • User-2074858223 posted
    Please can you give example on what you said below Also it is best to not access session information directly but to use that as a storage backend "cache" so that if the session ends, the missing information will be just restored to a new session rather than causing an exception because it is not found any more.
    Sunday, January 31, 2016 2:59 PM