Last post Aug 19, 2013 01:06 PM by rhondadunn
Aug 16, 2013 01:06 PM|rhondadunn|LINK
For my user login, I have textboxes for user name and password. I call as stored procedure to validate the user name and password. I add the parameters and user a datatable to return the count. If the count is > 0, I redirect to the account page. How
do I set the userid as the session variable and hold it throughout the session until the user logs out? Sorry, but I have never used sessions before. I understand how they are used and what they are for, I just don't know how to code it.
Thanks for any help you can give.
Aug 16, 2013 01:10 PM|BrockAllen|LINK
Session isn't designed for security. Sounds like you want forms authentication instead:
Aug 17, 2013 03:19 PM|francissvk|LINK
Welcome to ASP.Net!
I hope you want to track the user till the logout.
If you are using C#.Net, use the below syntax:
Session["user_id"] = "useridvalue";
If you are using VB.Net, use the below syntax:
Session("user_id") = "useridvalue"
in later cases you can retrive it from session using the same index. like the one below:
string userid = Convert.ToString(Session["user_id"]); // C#.Net
Dim userid As String = Session("user_id").ToString // VB.Net
Hope this helps!
Aug 17, 2013 04:06 PM|rhondadunn|LINK
Yes, I want to track the user until logout. I am using VB. Here is what I have so far:
Dim username, password As String
username = txtUserName.Text
password = txtPassword.Text
Dim cmd As SqlCommand = New SqlCommand("dbo.sp_Login", objConn)
cmd.CommandType = Data.CommandType.StoredProcedure
cmd.Parameters.Add(New SqlParameter("@username", username))
cmd.Parameters.Add(New SqlParameter("@password", password))
Session("User") = txtUserName.Text
Dim da As New SqlDataAdapter(cmd)
Dim dt As New DataTable()
If dt.Rows.Count > 0 Then
lblInvalid.Visible = True
Is this correct? If I understand you correctly, on page load of MyAccount.aspx, I do:
Dim userid As String = Session("user").ToString
Then I would use the userid to pull the user information from the member table to load their name, address, etc.?
Aug 17, 2013 05:25 PM|hans_v|LINK
Is this correct?
No, because already stated by BrockAllen in the first reply, you shouldn't use Session for authentication purposes. In ASP.NET, Forms Authentication is the way to go:
Aug 19, 2013 01:06 PM|rhondadunn|LINK
Thanks for the info. I'll check it out.