C# - Converting From Saving In Session To Cookies?
Mar 5, 2011
So, I am working on a demo web dashboard. Previously, I had been using Session to store settings about the dashboard, but I would like to move it to a more persistent means of saving settings.It seems to me that using cookies would be my best bet. I'm not entirely positive I have the time to work everything out for writing to/from a database properly.That being said, I might be in over my head on some assumptions I had made about the similarities between Session and Cookies. Currently, I have some code like this:
public Dictionary<string, RadPageViewSetting> PageViewStates
{
get
[code]...
View 2 Replies
Similar Messages:
Oct 30, 2010
I have an asp.net site. Its a mixture of web forms and MVC2.
I have this on 2 different servers which I get to via different urls.
On one server authentication works fine via all browsers (IE 8, FF 3.6, Chrome)
On the other IE 8 fails, it doesn't send back the cookie on the request to the page after authenticating.
Using Fiddler I have seen that both sites attempt to set the cookie, in the response from the login page.
Response Header I see from both servers
Set-Cookie: DemandLaunch=CCA4...E79C2D1; path=/; HttpOnly
Both sites are in the internet zone of IE.
I'm at a loose for what to check now.
I also have a page that sets a cookie via c# code and that cookie fails in IE as well.
The IE issue is not on a single computer either. I see this failure on 4 different computers Internet Explorer.
My urls which I should have included were:
beta.[site].com - works
beta_[company].[site].com - fails
View 1 Replies
Dec 10, 2010
Background: From a desktop application, users will navigate to an SSL-encrypted web portal where they will have to enter a username / password if it's their first time logging in. I want to be able to securely persist their user session. I was thinking of using encrypted cookies, storing their username and a unique session token / key, but was wondering what benefits client certificates offered in terms of security.
The way I see understand it currently:
Encrypted cookies:
Saved on the user's machine just like any other cookie Since the entire site is SSL, the contents of the cookie cnnot be tampered withEasily implementableWhen a user logs in again, invalidate the token / key and issue a new one
Problems:
Anyone attempting to access the web portal on the computer with a saved session will be able to, but this is a problem with any persisted session, right?
How do I know that computer A is computer A and not just computer B that copied computer A's cookie?
Client Certificates:
A pain in the ass to install Will uniquely identify that person's computer (or can it be restricted to the user account) to the web portal If the client certificate is stolen, then the account is compromised
Question: For persisting user sessions with the utmost security, would encrypted cookies be sufficient or would I need to install client certificates? How do they differ?
View 1 Replies
Mar 23, 2011
Here is my code:
protected void SaveMyImage_Click(object sender, EventArgs e)
{
string imageUrl = Hidden1.Value;
string saveLocation = Server.MapPath("~/PictureUploads/whatever2.png") ;
[Code]....
The top imageUrl declartion is taking in a Base64 image string, and I want to convert it into an image. I think my set of code only works for images like "www.mysite.com/test.jpg" not for a Base64 string.
View 2 Replies
Mar 8, 2011
Here's what I have in my ASPX file:
<form id="form1" runat="server">
<table border="1" width="100%">
<tr><td>Firstname</td><td>Lastname</td></tr>
<tr><td><%=Request.Querystring("fname")%></td></tr>
</table>
</form>
Here's what I have in my aspx.vb file:
Imports System.IO
Partial Public Class MyexcelPage
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Response.Clear()
Response.Buffer = True
Response.ContentType = "application/vnd.ms-excel"
Dim stringWriter As StringWriter = New StringWriter()
Dim htmlTextWriter As HtmlTextWriter = New HtmlTextWriter(stringWriter)
Me.RenderControl(htmlTextWriter)
Not sure what to do after this or if the above will do anything.
View 5 Replies
Feb 22, 2010
I want to use session object in my web app.I want to store some cookies too(Some custom informations) .How can i use both without the URL not being modified like [URL]
In my ASP.NET page,I am setting some session variable
Session["customerId"]="Some name";
Then i am trying to set some value in cookie
[code]....
In this page now i can access the sesion variable values,But when i m being Redirected to another asp.net page, I am not getting my session values there.Its seems like Its being lossed.
View 3 Replies
Feb 7, 2011
I am using Logi Reports for creating reports in my application. I am passing cookies from web application to these logi reports. Cookies were workign correctly before, but after the release of this version. Cookies are not working in these logi reports.
View 1 Replies
Nov 26, 2010
How to make session to not to use cookies
View 4 Replies
Jan 27, 2010
Am trying to design login page for my website and I am looking for methods other than forms authentication. The way in which I am trying is to have a table in the database that stores user information and check for the user validity.
The point where I get struck is how do i set cookies and session variables and how will I carry it through out the system. Can anyone tell/suggest me where I can relevant material so as to move forward. And also is my idea of negating traditional forms authentication and going for a model I described, is it good also does any other better method exist?
View 1 Replies
Jul 5, 2010
How can we make session, not use cookies ?
View 1 Replies
Sep 24, 2010
Since session and cookies are both used to store temporary data, what is the difference between them?
View 9 Replies
Mar 29, 2011
my main concern is using Session. I've always been under the impression that if you use the following statements (not that I would):
Session["newVar1"] = "a new session variable";
Session["newVar2"] = "a new session variable";
Session["newVar3"] = aLargeVariableThatHoldsLotsOfData;
You would be creating 3 new session cookies that hold the particular value. But I think my asp book is indicating that you would actually create 3 new variables in your session state object and ASP would only pass a unique Session ID (as a cookie?) in the response, and would get this ID upon the next request and associate that ID with your Session State Object (that IIS has stored in memory..?):
[code]....
That doesn't seem ideal for a website with lots of traffic. A server that is storing and maintaining thousands and thousands of instances of session state per website seems like way too much overload.
I'm trying to see what's going on on my own, but I'm having trouble.. I can't find my site's cookies anywhere on my machine (IE/windows xp). I've checked C:Documents and Settings icholasrCookies and C:Documents and Settings icholasrLocal SettingsTemporary Internet Files which, according to this yahoo answer, IE cookies are stored as well. I'm using ticket authentication in my app which stores a auth cookie on the client, so a cookie from my site has to be somewhere..
View 1 Replies
Apr 7, 2010
Do session use cookies? If so,how do they do so?
Assume Session["UserId"]=1 how does this session variable uses cookies internally? If so, what will be the name of the cookie and what is the value of that cookie....
View 2 Replies
May 12, 2010
i have 3 pages, lets say pageA, pageB and pageC.
1 . From "pageB", i'm sending some data to "pageA" and and retriving the result with using HTTPWebRequest and HTTPWebResponse classes. I have no problem with this
2. pageA fills some session data, like Session["CustomerInfo"] .
3. After retrving some data from "pageA", I'm redirecting from "pageB" to "pageC".
At PageC, i want to use session variables which i fill at "pageA":
At pageB, i get the CookieContainer of the HTTPWebRequest object and it retrives correct SessionId.
And here is the code that redirects pageB to pageC:
Response.Cookies.Clear();
Request.Cookies.Clear();
foreach (Cookie cookie in SessionCookieContainer.GetCookies(new Uri(http://localhost/bla/bla)))
{
Response.Cookies.Add(new HttpCookie(cookie.Name, cookie.Value));
Request.Cookies.Add(new HttpCookie(cookie.Name, cookie.Value));
}
//Response.Redirect("../Default.aspx");
Server.Transfer("../Default.aspx",true);
At pageC , Request.Cookies and Response.Cookies are set truly, as i sent them from pageB, but there is nothing in the session. Session.Count is zero. And SessionId is different from the value which is stored in cookies.
View 4 Replies
Jan 13, 2011
I am using session sate with SQLServer mode in asp.net MVC2.I want to disable cookies.I tried Cookieless="UseUri" but It adds session token to URL So It fails in MVC.
View 14 Replies
May 7, 2015
I am using a viewstate to store the company Ids and splitting at hyphen.
protected void onCompanychange(object sender, EventArgs e) {
ViewState["companyID"] += companydropdown.SelectedValue + "-";
String companyids = ViewState["companyID"].ToString();
string pattern = "-";
company_array = Regex.Split(companyids, pattern);
company_length = company_array.Length;
}
Company array is a string array where i have stored the company ids
the problem is company_array[0] has the initial value of the dropdownlist(company) --select company which is why m getting the error(cannot convert data type nvarchar to int) . I have used the same logic in many places in my project it did not give any error.
int count = 0;
company_length = company_length - 1;
while (count < GridView3.Rows.Count && compid_counter < company_length ) {
cmd = new SqlCommand("insertWorkDetais", conn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@trainerId",trainerID);
[Code] .....
View 1 Replies
Aug 5, 2010
I am using session to strore code
if (!string.IsNullOrEmpty(Request.QueryString["c"]))
System.Web.HttpContext.Current.Session["Code"] = Request.QueryString["c"];
else
System.Web.HttpContext.Current.Session["Code"] = "GR";
Instead of session,now I want to use cookies.
View 8 Replies
Jul 22, 2010
i am having this weird problem only when i deploy my site [localy Everything works fine] when you try loging in from IE 8, the page simple refreshes! and no authentication takes place After lot of research, i found out that Internet Explorer 8 denies session cookies and to confirm this, i unchecked Enable protected mode (can be found in, internet options, security), and then tried logging in, it worked perfectly fine just like it did in other browsers [Firefox and google chrome]. I have found one solution which is to lower the security level, but i cant tell every visitor on my site to do that since its not practical.
View 1 Replies
Mar 10, 2010
I need to persist data between pages.I tried using session but the value is not saving.
Should using cookies be a better option? If so give a small example of transfreing and saving data between pages.
View 20 Replies
Feb 11, 2010
It has been a while since I've built an entire ASP.NET web application from the ground up but I'm about to jump in again. I've built many individual pages, controls, web parts, etc. recently, but nothting 'soup to nuts' for a couple of years. My question is in regards to login security control. I do not want to use the built in ASP.NET Memberhip functionality for various reasons and already have custom code that authenticates the user, controls passwords, login attempts, etc. I am really concerned though about how to validate that the user is logged in (and the best way to do it). For instance, right now I use a Base page that all of my .aspx pages inherit from. In the OnInit() method, it executes code which includes:
[Code]....
I set the Session["LoggedIn"] object to "true" after the user has successfully been authenticated at the Login.aspx page. So, when a user attempts to access any page in the application, if that Session object isn't true, they will be redirected (you can't visit any page without being logged in). This all works great, but I'm thinking I need something more and that brings me here. First, do I need more? Is this enough? I was thinking about creating a cookie with a GUID value and the SessionID (both encrypted perhaps?) and adding that to my Base page so it checks both the current Session["LoggedIn"] value
and the values in the cookie.
View 1 Replies
Apr 4, 2011
I am using "cookies" to maintain session in my asp.net azure application.
What I want is that when a user logs in to my website and remains idle for 15 minutes it should automatically log them out and redirect them to the login page.
How can I achieve this?
View 2 Replies
Dec 21, 2010
I have 4 webpages. In those pages, i am using session variables,viewstates,cookies. I am passing session variables,viewstates to different pages. Now the problem is sometimes i am getting the old cookie values or session values. I want to clear all these things when i close the browser or if i open a new tab of browser.
View 10 Replies
Oct 28, 2010
In my project I have configured .NET's sessions to go into database.
I also have a global.asax which implements Session_Start().
In Session_Start() I write three things to the session:
The time the session started.
The user's host address.
A serializable device object wrapping the user's agent.
The problem is now that users which don't allow cookies won't allow session cookies either.
(Easily reproducable by putting the site URL to the restricted sites of IE).
If I keep on refreshing (put finger on F5) a new session is created for every request (-> no session cookie). Shortly, the web server process grows to some hundred megabytes.
It does not matter if you use IIS7 or Cassini Local Webserver.
The issue is now: the memory does not get released until the sessions time out. What is the logic here if sessions should really go to database? How long will .NET keep them in memory? Eventually, you'll even get Out Of Memory exceptions!
Anybody know? How to detect and prevent such (almost malicious) "attacks"?
View 2 Replies
Aug 10, 2010
using ASP.NET 2.0 VB.NET how to detect if the session cookies are enabled?
I know how to detect the cookies in general but you can set IE to block the cookies and accept the session cookies...How to detect this?
View 2 Replies
Feb 15, 2011
I'm working on adding a new webapp to an existing website. I've been directed to write the webapp in ASP.NET. The existing website is written in ColdFusion. For the most part, the ASP.NET webapp is completely stand-alone, but it needs to interact with the ColdFusion code in one important way - if somebody logs in to the ColdFusion site, we don't want them to have to log in again when visiting an ASP.NET page.
When someone logs in to the ColdFusion site, their username is stored in a cookie, along with a login token that can be looked up in our database. My .NET is a little rusty, so I'm having trouble visualizing how the ASP.NET code should use this data. I've already written a simple MembershipProvider that can be used to log in/out out the ASP.NET app using the data in our existing database tables, which are shared with the ColdFusion code.
What I'd like to know is - how can I make sure the ASP.NET app detects the cookies set by the ColdFusion app (I imagine they'd be sent to the ASP.NET pages, since everything is hosted on one domain), and automatically logs the user in using the MembershipProvider and Forms Authentication, using the credentials supplied in the cookie? I'm thinking that putting some kind of cookie check and log in function in the Global.asax file, set to run every page load for every page... but that seems kind of clunky. Also, do people still use the Global.asax file anyway? I had thought there was a more modern method.... Also, how can I manually log someone in using Forms Authentication and a custom membership provider? Currently my code allows the user to log in using the provided login control, but I'm not sure how to log the user in without them having to do anything.Looking over the MembershipProvider tutorials and the MSDN documentation it seems to me like the answer should be staring me in the face, but for some reason I just can't see it. Maybe not enough coffee....
View 3 Replies
