http://forums.asp.net/15.aspxThe perfect forum for ASP.NET novices. No question too simple! <A href="http://aspadvice.com/SignUp/list.aspx?l=21&amp;c=17" target=_blank>Email List</A>enCommunityServer 2007 SP1 (Build: 20510.895)http://forums.asp.net/thread/2064532.aspxMon, 17 Dec 2007 22:12:24 GMT4c671506-2930-414c-a40b-8bf57ded5924:2064532mark8360http://forums.asp.net/thread/2064532.aspxhttp://forums.asp.net/commentrss.aspx?SectionID=15&PostID=2064532<p>Good tip about a class and session variables.&nbsp; I just implemented your suggestion,&nbsp;Thanks.</p> <p>&nbsp;</p> <p>&nbsp;I haven&#39;t recieved any input from question 1 so I am assuming it is normal procedure.</p> <p>&nbsp;</p> <p>Thanks again.</p> <p>&nbsp;</p>http://forums.asp.net/thread/2064212.aspxMon, 17 Dec 2007 19:16:35 GMT4c671506-2930-414c-a40b-8bf57ded5924:2064212martinhn0http://forums.asp.net/thread/2064212.aspxhttp://forums.asp.net/commentrss.aspx?SectionID=15&PostID=2064212<p>Regarding question 2 - I would always recommend having a static class with all the session variables. DO NOT (!!!) write Session[&quot;variableName&quot;] everytime you need to access a session variable. It is so easy to make typo&#39;s, and you do not get compilation errors if you misspell a variable name.</p> <p>Create a static class with a property for each session variable you have to use, which returns the value. Then you get/set the Session like this: Session[SessionKeys.Parameter1] which is much more safe, and easier to maintain should you need to refactor the code later...</p>http://forums.asp.net/thread/2063932.aspxMon, 17 Dec 2007 16:50:00 GMT4c671506-2930-414c-a40b-8bf57ded5924:2063932mark8360http://forums.asp.net/thread/2063932.aspxhttp://forums.asp.net/commentrss.aspx?SectionID=15&PostID=2063932<p>2 quick/easy questions which are very subjective.&nbsp;</p> <p>Our client has client/server database &nbsp;apps and wants to replace them with Intranet apps.&nbsp; Their security is primarily database roles.&nbsp; In order to keep their current security ( a requirement), I have created login page where the user selects from a list of servers, and inputs for their database userid/password.&nbsp;I encrypt the password using the standard&nbsp;class <font color="#008080" size="2">DESCryptoServiceProvider</font>.&nbsp; I am going to&nbsp;store this user connection info(user id,&nbsp; encrypted password and password encrypt key, and database server) &nbsp;into an arrayList Session variable.&nbsp;&nbsp;Everytime I need to connect to the database, I get&nbsp;the database connection stored&nbsp;string(<font color="#008080" size="2">ConfigurationManager</font><font size="2">.ConnectionStrings), and replace the userid,password, and server with the arraylist user values.</font></p> <p>In the the future, I am going to try to convince the client to store user profile info into a database table.&nbsp; Connect to the database with one user/password from <font color="#008080">ConfigurationManager</font><font size="2">.ConnectionStrings.&nbsp; But for now, I need to work with the current security in place</font></p> <p><font size="2">1.&nbsp; Is there, if any, dangers and pitfalls to my proposed solution.&nbsp; Or to put it in another way, is there a better way to handle this user info?</font></p> <p><font size="2">2.&nbsp; Session state is by Page and I cannot create a custom class to get/set session variables.&nbsp; Is there an elegant way to set the session variables&nbsp;in a class?</font></p> <p><font size="2"></font>&nbsp;</p><font size="2">Thanks in advance for your input.&nbsp; </font><font size="2"> <p></font>&nbsp;replace </p>