In my web application (asp.net mvc) I have an restrict area. In my model, I have an entity called "User" represents a user can do login/logout in web app. I've used Forms Authentication to login/out my users and everything works fine but, I'd like to know, if is there any way to sav开发者_运维问答e an entity (of the user logged) during the session of the user ?
Is there any best pratice to do this ? Do make the timeout of the forms autentication to be compatible with the HttpSession or is there others way to do this?
I'm using NHibernate
Thanks
Cheers
Depends.
Relying on Session for logged in status isn't safe because it isn't durable. One Recycle and poof, your Session is gone.
What I do is store non-consequential data like a users first and last name or some cached data about them in the session so I can don't have to query the database for it. Usually what I do is have a logic in the login portion of the application throw this helpful information in the session. Then in the Initialize method I call the same logic to make sure the session information is available. If its not, I add it back.
protected override void Initialize(System.Web.Routing.RequestContext requestContext)
{
if( Session["MyIdentityDTOKey"] == null )
GoThrowThingsInTheSession();
base.Initialize(requestContext);
}
The timeout shouldn't matter because if they can't enter the app, they can't see their session anyway. But if you insist, you can always use the Session.Timeout method to make it expire at the same time.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论