Forms Authentication and Session Variables

[Jim]

Hi,

I am using forms based authentication for my website. Whilst testing I have
noticed that occasionaly it appears that the Context.User.Identity.Name is
valid however the session variables that I have created as the website is
used have been lost.

I think it is something to do with the session timeout. I thought when the
session times out (session varaibles lost) the user context is cleared as
well - or is this an incorrect assumption.

Your thoughts would be most welcome.

 

[Guest]

Hi Jim,

Context object holds data for a single user, for a single request and it is
only persisted for the duration of the request.

Cheers,

Jerome. M

 

[Jim]

Thanks Jerome,

Starting to make a bit more sense now. I've created my own principal and
identity objects to store all information relating to the user (name,
company,email address etc) that is used frequently by the pages within the
website. I was using session data for this but was experiencing problems
when the session timed out yet the user was still authenticated. I guess i
am on the right track now.

Is the Context.User information populated from cookie information stored on
the client? If so, is it sent back and forth with each request? Might have
to trim the data I store if that is the case.

Am I correct in thinking that the Context.User is only lost when the browser
window is closed (or is there a timeout associated with the authentication
process)?

Many thanks again.

Jim