goodk (ASKER)

what is the best way to keep a user logged in

I am using c# and asp.net


Is there a way to identify the computer uniquely?
Dave Baldwin

What kind of app?  Windows desktop?  Web?  If you are running in a web server, IIS creates a session id for every new connection.  Technically, it only identifies the user/web browser that has connected but that is normally what is needed on a web site.
goodk (ASKER)

Web using ASP.NET, but not using the built-in login system. Trying to write my own system so it is not easy to break by being different.
goodk (ASKER)

How does Google do it?
goodk (ASKER)

I am trying to find out if you guys have any idea how Google and Facebook keep you logged in?

AFAIK those sites set a cookie on your machine if you decide to stay logged in. If not using persistent login, each web page contains code to identify you, in an encrypted way with local machine data as key (to prevent intercepting or faking).

I recommend that when the user logs in, you save his ID in a session or some variable, and at the Master Page (Page is post back) revalidate the user and extend the timeout.
☠ MASQ ☠

Google uses persistent cookies - you're going to need something client-side on the user's machine to identify the logged in status of the account but you could store all the user preferences and settings server-side.  Google stores most of your preferences client-side.  Check your browser cookies and delete their cookies individually if you want to see how their use of multiple cookies manages your communications with them (including tracking and advertising). Cookies are inherently understood by browsers and if your interface is browser-based I'd think carefully about reinventing the cookie.

Long session login >> persistent session - Considerations have to include use of long-term data storage using session, cookie and/or cache. See further points below. I definitely see them as more appropriate data containers than QueryStrings.

(a) Session - as long as the user is active, plus a timeout period (typically 20 minutes). E.g. "timeout" can be configured in the Web.config or Machine.config with the sessionState element. However, the challenge is that ASP.NET_SessionId is a session cookie, so as soon as the user closes the browser it gets another SessionID. It does not persist. Session needs more "helping", especially when it is not supposed to store login information. Typically a separate cookie with FormsAuthentication cookie or own authentication cookie, depending on the login system used.

(b) Cookie - Possibly need to have two cookies, for ASP.NET_SessionId and another own app cookie, whereby the value in the former is the content of your own app cookie. Your own app cookie has a value for the SessionID and includes an Expires period (maybe based on DateTime ..). The challenge is to make sure the own app cookie is around... a persistent cookie is not bad.

(c) Cache - Cache object may be preferred for persisting data within an ASP.NET application. For example, it has the ability to execute a callback (uses delegates or function pointers) when an item in the cache expires.

Ref - https://msdn.microsoft.com/en-us/magazine/cc300437.aspx

Just a few quick thoughts ... but having a prolonged session may not be wise - wearing the security hat ...
goodk (ASKER)

Here are some of the challenges/questions/comments I have.

1- The server (I am using GoDaddy.com) times out the session variables in only 5 minutes.
2- Do you think some people may not allow cookies to be deposited? If yes, then how is it a general solution?
3- I can use this: string sessionId = System.Web.HttpContext.Current.Session.SessionID; So should this maybe not be enough to keep a user logged in and identified, if I am saving the session in my DB? My question is: does it get refreshed even if the session has expired when the form is resubmitted after, say, a few hours?
goodk (ASKER)

Ok, This is the algorithm I am thinking.

1- Save the sessionid and associated user info in a DB.
2- Send sessionid as a hidden field on all forms and some salts.
3- Use cookies if a user is on his personal computer and has cookies on, for a prolonged login.

Does that make any sense to the experts? Please comment. Thanks
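
One way to implement steps 1 and 3 of the algorithm above, as an added example that is not part of the original thread and not code from any poster. It uses a separate random token rather than the ASP.NET SessionID, stores only the token's hash server-side, and replaces the token on every use; the class name `PersistentLoginStore`, its method names, and the in-memory dictionary standing in for the DB table are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: names and the in-memory store are assumptions for this example.
public sealed class PersistentLoginStore
{
    private sealed class Entry { public string UserId; public DateTime ExpiresUtc; }
    // Stands in for a DB table keyed by SHA-256(token); the raw token is never stored.
    private readonly Dictionary<string, Entry> _rows = new Dictionary<string, Entry>();
    private readonly TimeSpan _lifetime;

    public PersistentLoginStore(TimeSpan lifetime) { _lifetime = lifetime; }

    // Call after a successful password check; the return value goes into the cookie.
    public string Issue(string userId, DateTime nowUtc)
    {
        var raw = new byte[32];                        // 256 bits from the CSPRNG
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string token = Convert.ToBase64String(raw);
        _rows[Hash(token)] = new Entry { UserId = userId, ExpiresUtc = nowUtc + _lifetime };
        return token;
    }

    // Call when a request arrives with the cookie but no live session.
    // Returns the user id and a replacement token, or null if unknown or expired.
    public string Redeem(string token, DateTime nowUtc, out string newToken)
    {
        newToken = null;
        if (string.IsNullOrEmpty(token)) return null;
        string key = Hash(token);
        Entry e;
        if (!_rows.TryGetValue(key, out e)) return null;
        _rows.Remove(key);                             // single use: a replayed copy fails
        if (e.ExpiresUtc <= nowUtc) return null;
        newToken = Issue(e.UserId, nowUtc);
        return e.UserId;
    }

    // Logout: delete the server-side row so the cookie value becomes worthless.
    public void Revoke(string token) { if (!string.IsNullOrEmpty(token)) _rows.Remove(Hash(token)); }

    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.ASCII.GetBytes(token)));
    }
}
```

When the token is written to an `HttpCookie`, set `HttpOnly` and `Secure` to true and set `Expires` to match the lifetime passed to the store, so the browser and the server agree on when the login ends.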
ASKER CERTIFIED SOLUTION
btan
This solution is only available to members.
goodk (ASKER)

Thank you so much. Would someone have a C# library to do this to share?

Maybe good to catch this from CodeProject - not a library, but the guide will help with some sample code shared: http://www.codeproject.com/Articles/32545/Exploring-Session-in-ASP-Net

...and this on various session state options:

"let us see what all session management techniques are present in the ASP.NET framework."
• In-Proc.
• SQLServer.
• StateServer.

http://www.codeproject.com/Articles/416137/Understanding-Session-Management-Techniques-in-ASP