Login page & Session data...response.redirect, server.transfer or ???

[GreggTB]

I've got an page (LOGIN.ASPX) that receives the user's login
information. During the page load, it checks the credentials against a
database and, if validation is successful, creates an instance of an
object that stores the user's basic profile data (username, user type,
associated sales region, etc.).

I've been taking this user info and placing it in the Session object
like so...

Session["USER"] = user;


Originally, I'd been trying to use Response.Redirect to send the users
to the next appropriate page in the application but it seems that the
Redirect kills the current thread and thus the session data is lost.

So I tried using Server.Transfer which seems to work but, of course,
the client's browser still shows "LOGIN.ASPX" in the address field. Not
really a problem except for two things...

.....when the user hits F5 to refresh the page, the page executes from
the beginning and walks through the login process all over again.

....,if the page displays a link to another page in the same
application, clicking the link will also cause the contents of the
Session object to disappear.


My questions are:

1.) Is there any way to use Redirect from the login page without losing
the contents of the Session object?

2.) Is there a more effective/efficient way to use Server.Transfer?

Any assistance would be greatly appreciated! Thanks!

 

[Guest]

Have you tried using User.Identity.Name to identify the user? This may be a
more efficient method of doing this.

 

[GreggTB]

Thanks for the suggestion, MrMike!

The user profile I'm trying to save is rather more complex than the
generic GenericPrincipal and GenericIdentity objects. It has a few more
string properties plus a small collection of sub-profile objects. The
app is still very early in development so I suppose I could try
reworking the user profile structure, extending IPrincipal and
IIdentity and storing the info that way.

Do you know if I can then use Response.Redirect without losing the data
or is there still a risk of that?

 

[Joe Fallon]

Here is one way to handle this:

--
Joe Fallon

I've got an page (LOGIN.ASPX) that receives the user's login
information. During the page load, it checks the credentials against a
database and, if validation is successful, creates an instance of an
object that stores the user's basic profile data (username, user type,
associated sales region, etc.).

I've been taking this user info and placing it in the Session object
like so...

Session["USER"] = user;


Originally, I'd been trying to use Response.Redirect to send the users
to the next appropriate page in the application but it seems that the
Redirect kills the current thread and thus the session data is lost.

So I tried using Server.Transfer which seems to work but, of course,
the client's browser still shows "LOGIN.ASPX" in the address field. Not
really a problem except for two things...

....when the user hits F5 to refresh the page, the page executes from
the beginning and walks through the login process all over again.

...,if the page displays a link to another page in the same
application, clicking the link will also cause the contents of the
Session object to disappear.


My questions are:

1.) Is there any way to use Redirect from the login page without losing
the contents of the Session object?

2.) Is there a more effective/efficient way to use Server.Transfer?

Any assistance would be greatly appreciated! Thanks!

 

[GreggTB]

It may very well be a good book on Business Objects but the author
appears to be using an architectural design framework of his own
creation....maybe it's great but I cannot believe that the only way to
make this stuff work in .NET is to use this guy's framework. This has
to be a fairly common problem that can be handled without having to
learn some third-party design structure.

 

[Joe Fallon]

Ummm.
I think you missed the point completely.
There is no need to read the book or learn his framework.
(You would be better off if you did but that is another story.)

The code you are looking for was in my message:

Private Sub Global_AcquireRequestState(ByVal sender As Object, ByVal e As
System.EventArgs) Handles MyBase.AcquireRequestState

If Not Session("myPrincipal") Is Nothing Then
Thread.CurrentPrincipal = DirectCast(Session("myPrincipal"), myUser)
HttpContext.Current.User =DirectCast(Session("myPrincipal"), myUser)
Else
If Thread.CurrentPrincipal.Identity.IsAuthenticated = True Then
Web.Security.FormsAuthentication.SignOut()
Server.Transfer(Request.ApplicationPath + "/Login.aspx")
End If
End If

End Sub

 

[GreggTB]

Okay, sorry about that. I've no doubt I did miss the point completely.
I was still losing all of the Session info with the Response.Redirect's
[endResponse] parameter set to [false]....I ended up just starting a
fresh web app and it's going well now. I'll try your suggestions and
I'm sure they'll work out.

Thanks for your help...and your patience!

 

[Damien]

I've got an page (LOGIN.ASPX) that receives the user's login
information. During the page load, it checks the credentials against a
database and, if validation is successful, creates an instance of an
object that stores the user's basic profile data (username, user type,
associated sales region, etc.).

I've been taking this user info and placing it in the Session object
like so...

Session["USER"] = user;


Originally, I'd been trying to use Response.Redirect to send the users
to the next appropriate page in the application but it seems that the
Redirect kills the current thread and thus the session data is lost.

So I tried using Server.Transfer which seems to work but, of course,
the client's browser still shows "LOGIN.ASPX" in the address field. Not
really a problem except for two things...

....when the user hits F5 to refresh the page, the page executes from
the beginning and walks through the login process all over again.

...,if the page displays a link to another page in the same
application, clicking the link will also cause the contents of the
Session object to disappear.


My questions are:

1.) Is there any way to use Redirect from the login page without losing
the contents of the Session object?

I've got a forty page app at the moment using Response.Redirect on
practically every page, and heavily using the session.

Two ways you *might* be losing your session would be:
1) You're using cookieless session and you're redirecting to a complete
URL e.g. Response.Redirect("http://www.mysite.com/page.aspx") would
cause the session to be reinitialised (for cookieless session)

2) You're going into a subdirectory/virtual directory which has a
seperate application configured in IIS.

Any help?

Damien

 

[GreggTB]

I have no clue what was causing it but it certainly wasn't either of
those. I fiddled around for a while and eventually got things rolling
along just fine.

I'm being very careful to set the endResponse parameter to "true"...

Response.Redirect("goto.aspx", true);

....and that seems to be working fine. Dunno why I couldn't get it to
save originally. [shrug]

I do appreciate your help, though. Thanks!

 

[GreggTB]

Okay...I'm just way too tired. The above reply should say...

/**************************************************/
I'm being very careful to set the endResponse parameter to FALSE...

Response.Redirect("goto.aspx", false);
/**************************************************/

Obviously setting it to true will abort the thread and the Session data
will be lost.

 

[Damien]

Okay...I'm just way too tired. The above reply should say...

/**************************************************/
I'm being very careful to set the endResponse parameter to FALSE...

Response.Redirect("goto.aspx", false);
/**************************************************/

Obviously setting it to true will abort the thread and the Session data
will be lost.

Hmm. I've never had that problem? Unless you're trying to save the
session data after the call to Response.Redirect, which as you say,
wont work since the thread gets killed.

I cant really think of anything else at the moment though. Glad you've
managed to find a solution.