Solved

Tmpdata vs cookies in mvc

Posted on 2011-02-17
4
719 Views
Last Modified: 2012-05-11
Experts,

I have a question regarding the difference between TempData and storage of cookies in my ASP MVC2 project.  I have want to have users log into my web page and store their login credendital, name, what they have rights to, etc.  This data is going to need to be passed around from page to page to i can keep a track if they have proper rights to certain functionality.n  Is it best to store this information in a cookie or a TempData?
0
Comment
Question by:esesjay4
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 21

Expert Comment

by:Craig Wagner
ID: 34926739
TempData is used to pass information from one view to another on the server side. It does not persist between requests. If you want the information to remain persistent for the duration of the user's session you will either have to use cookies or session state on the server.
0
 
LVL 28

Assisted Solution

by:strickdd
strickdd earned 25 total points
ID: 34928172
DO NOT STORE THIS IN COOKIES. Cookies are on the client side and if you store what access type they have to your site, they can just change that value and get to a portion of the site they shouldn't be able to. The best way to prevent that is to store that information in a Session variable. That is stored server-side and cannot be viewed/changed by the client.
0
 

Author Comment

by:esesjay4
ID: 34929336
So what is the difference then in TempData["message"] vs Session["message"]?
0
 
LVL 51

Accepted Solution

by:
Ted Bouskill earned 100 total points
ID: 34929676
Session[] objects are active while the user session is active until it times out due to inactivity (or the Application Pool is recycled)  In your case that is what you should be using, however, I'd recommend a wrapper function to test the session of null values, then act accordingly

public static String GetSessionString(string inSessionString)
{
   if (Session[inSessionString] == null)
  {
     // Do something to reset the session variable or redirect to fix it (log in et cetera)
   }
   return Session[inSessionString];
}

That way if the user leaves the page open for 20 minutes and exceeds the default ASP.NET timeout of 20 minutes for a session they won't get exceptions!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lots of people ask this question on how to extend the “MembershipProvider” to make use of custom authentication like using existing database or make use of some other way of authentication. Many blogs show you how to extend the membership provider c…
Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question