Using session for user authentication in asp.net c#

asp.net session windows-server-2008

11,664

First of all you have to edit web.config and set session timeout attribute.

<configuration>
  <system.web>
     <sessionState timeout="200"></sessionState>
  </system.web>
</configuration>

Another issue is the use of IsPostBack block.

protected void Page_Load(object sender, EventArgs e)
    { 
     if (Session["login"] != null && Session["db"] != null)
      {
         String DB = "";
         String AccountID = "";
         AccountID = Session["login"].ToString();
         DB = Session["db"].ToString();
         Label9.Text = AccountID;
         HiddenField1.Value = DB.ToString();
         DropDown a = new DropDown();
         a.filldropdown1(this.DropDownList1, DB);
       }
     else
     {
         Response.Redirect("log.aspx");
      }
   }

11,664

Author by

Ishan

Hello i am into ASP.net C#/ Sharepoint development and constantly learning in order to expertise in the field.

Updated on June 04, 2022

Comments

Ishan almost 2 years

I am using session to authenticate a user. I have 2 web pages in my project. One is webform and other one is EntryForm.aspx and other one is log.aspx

In log.aspx i have done

protected void Button1_Click(object sender, EventArgs e)
{
        user_login loginu = new user_login();
        String uid_db = loginu.login(this.DropDownList1, this.TextBox1, this.TextBox2, this.Label5);
        if (uid_db == "invalid")
        {
            Label5.Visible = true;
            Label5.Text = "Invalid Login";
        }
        else
        {

            string uname = uid_db.Substring(0, uid_db.IndexOf(",")).Trim();
            string[] tokens = uid_db.Split(',');
            string dbname = tokens[tokens.Length - 1];

            Session["login"] = uname;
            Session["db"] = dbname;
            Response.Redirect("EntryForm.aspx");
       }
}

In class user_login I am taking the password stored in the database and matching it with the value entered by user. if it finds a value i redirect it to EntryForm.aspx. In which i check for session variable as follows

protected void Page_Load(object sender, EventArgs e)
    {// CHEK SESSION VARIABLE AND LOAD dropdownlist1 WITH VALUES
        if (!IsPostBack)
        {
            String DB = "";
            String AccountID = "";
            if (Session["login"] != null && Session["db"] != null)
            {
                AccountID = Session["login"].ToString();
                DB = Session["db"].ToString();

                Label9.Text = AccountID;
            }
            else
            {
                Response.Redirect("log.aspx");
            }
            HiddenField1.Value = DB.ToString();
            DropDown a = new DropDown();
            a.filldropdown1(this.DropDownList1, DB);
        }
    }

This is what i have done do authenticate a user. On server i have done the following configuration:

enter image description here

I have done no settings in Global.asax nor anything is web.config . I have seen many forum wherein Global.asax and web.config is configured.

I want to know what do i need to do in my project in order to be very efficient to work. I am facing problem with session timeout. I have set it to 20 mins on my server but sometimes suddenly i get logged out.

Please help me to understand using session for authentication.

Ishan over 12 years

Thank You so much, i want to know what wrong was i doing and whether the configuration on server regarding session is proper.
KV Prajapati over 12 years

@Ishan - In your code-snippet, statements inside IsPostBack block will be executed on first page load. However you may check IsPostBack property inside the if body where session attributes are checked.