Last post Dec 06, 2010 10:53 AM by atconway
Dec 01, 2010 06:06 PM|svetlana_marinova|LINK
I am working on a website where when the user logs in, I select their database based on their username. Currently I have a list of all databases in the web.config and I select the Database ID from the username and then read the database string from web.config.
What is the most optimal way to implement this scenario?
- store the Database ID in the session object
- the Session object expires after like 5 minutes so i have to read the Database ID from the online database based on the username and regenerate the Session["DatabaseID"] again.
- there are some security issues with the Session ID, so I started clearing the Session in !(Page.IsPostBack) and I generate the Database string again.
Where shall I store the DatabaseID and the database connection string so I can easily reuse it once the user has logged in?
Dec 01, 2010 08:17 PM|Deeshal|LINK
Dec 02, 2010 04:29 AM|DigiMortal|LINK
Session ID is the only connection between client and server. You can keep connection name or ID in session. Session variables are not sent to client because they are kept in session store in server. You can keep your connection strings in web.config file
and you can encrypt them. You can find more about encrypting connection strings here:
Dec 03, 2010 08:20 PM|svetlana_marinova|LINK
How can I set the expiration of the cookie? I change the Session State Time out in IIS to 30 min and whatever I store in the Session object still is deleted after 5 minutes
Dec 03, 2010 08:23 PM|svetlana_marinova|LINK
It happen on one computer i used for testing. I logged in, so the database Id was stored in the Session object. Then I closed the browser window, I opened a new browser window , navigated to the site and logged in and the database ID and string was there!
It had saved the Session info somehow on the local computer. I don't know how the Session object is saved and why is it still there when I close the webpage.
Dec 03, 2010 10:25 PM|arkan.turk|LINK
i suggest you to create a central database that can store your other databases ID and users accounts
Dec 06, 2010 08:26 AM|matyvegan|LINK
If u develop with a object model add a propery to the user (databaseID).
If u know the user in session u know the database id.
U can store the user in session variable or in cookie.
Dec 06, 2010 08:40 AM|kratos_Vimal|LINK
What i would suggest you is to create a Master User database table and check the database name in that table and after that return the name if it is same as your connection string and then fetch it and use State Management or context for the same after that
for added security this way you don't have to worry about session
Dec 06, 2010 10:53 AM|atconway|LINK
Then I closed the browser window, I opened a new browser window , navigated to the site and logged in and the database ID and string was there! It had saved the Session info somehow on the local computer. I don't know how the Session object is saved and why
is it still there when I close the webpage.
Session is determines on the server not the client. Therefore the action of closing the browser does
not abandon the session. The session is timed out on the server based on its timeout value. It is also important to realize that session
can be persisted between tabs in a browser. If a user opens a new tab and re-navigates to the same site, all of the session values will be persisted which sometimes is not the desired affect.
Upon opening a new browser a new SessionID should be requested, but to ensure that all session values are beginning with their default values, you should initialize them at minimum within the Session_Start event in the Global.asax file. The following is
an example of what I am stating:
Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
' Fires when the session is started
The above code ensures when a new session is requested, that all session values are initialized to their default values. You should probably read up a little on how session state works in ASP.NET as well to help with understanding:
ASP.NET Session State: