Click here to Skip to main content
16,018,057 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more: , +
Hi,

When i run this code, user can login.
I have Following Questions (doubts):

1) Without Global.asax file, can we directly declare session variable?
2) the session variable will be automatically stored in the 'ASPStateTempSessions' table?
3)When I open the table 'ASPStateTempSessions' to see session variable, Why there will be no rows?
4)Are session variables automatically 'serialized' before storing into 'ASPStateTempSessions' ? or we need to 'serialize' session in code?

Last Question: 5) Once we log out of the Application, will session variables stored inside SQl server gets deleted automatically?

Kindly suggest me friends..

Please..

Following is my Source code:
--------------------------------

C#
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;
using System.Data.SqlClient;
using System.Data;
using System.Configuration;

public partial class _Default : System.Web.UI.Page
{
    string st = ConfigurationManager.ConnectionStrings["SQLCONN"].ToString();
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void cmdLogin_Click(object sender, EventArgs e)
    {
        try
        {
            using(SqlConnection cn=new SqlConnection(st))
            {
                cn.Open();
                string sql="select * from TLoginUsers where Uname='"+Txtusername.Text.Trim()+"' and Upasswd='"+txtPasssword.Text.Trim()+"'";
                using (SqlCommand cm = new SqlCommand(sql, cn))
                {
                    using(SqlDataAdapter DA=new SqlDataAdapter(cm))
                    {
                        using(DataSet DS=new DataSet())
                        {
                            DA.Fill(DS);
                            if (DS.Tables[0].Rows.Count > 0)
                            {
                                string k = DS.Tables[0].Rows[0][1].ToString();

                                FormsAuthentication.RedirectFromLoginPage(DS.Tables[0].Rows[0][1].ToString(), true);
                                Session["username"] = DS.Tables[0].Rows[0][1];
                                Response.Redirect("ValidUserPage.aspx");
                            }
                            else
                            {
                                lblErrorMsg.Text = "invalid username/password. User authentication failed";
                                FormsAuthentication.RedirectToLoginPage();
                            }
                        }
                    }

                }

            }
        }
        catch (Exception ex)
        {
            lblErrorMsg.Text = ex.Message;
        }
    }
}  



and below is my Web.config's Code:
-------------------------------------
XML
<configuration>
  <connectionStrings>
    <add name="SQLCONN" connectionString="Data Source=cub-33\sqlexpress;Initial Catalog=KIRAN;Integrated Security=True"/>
  </connectionStrings>
    <system.web>
    <sessionState mode="SQLServer" timeout="300" sqlConnectionString="server=.;Integrated Security=true" cookieless="false">
    </sessionState>
    <authentication mode="Forms">
      <forms loginUrl="LoginPage.aspx" timeout="120" slidingExpiration="true">
      </forms>
    </authentication>
        <compilation debug="true" targetFramework="4.0">
            <assemblies>
                <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
                <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
                <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>
    </system.web>
</configuration>
Posted
Updated 4-Aug-15 4:50am
v2
Comments
ZurdoDev 4-Aug-15 10:42am    
1. You can set and get Session variables anywhere, in any page, not just in global.asax. In fact, global.asax is not a good place to touch the session.
2. If you configure your sessionstate in web.config to store in the db, yes.
3. Is this a question?
Kiran2401 4-Aug-15 10:46am    
Hi RyanDev,
Thanks for considering my post.
3) Yes, the question is: When i look for what session value is stored in database , (i mean, in 'ASPStateTempSessions' table) why there are no rows are shown?
Are they hidden? or they are serialized automatically?
ZurdoDev 4-Aug-15 10:49am    
If there are no rows either there is no active session or you have not configured web.config properly.
Richard Deeming 18-Aug-15 8:53am    
Your code is vulnerable to SQL Injection[^].

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
Kiran2401 19-Aug-15 10:03am    
Oh yes, Thanks Richard; It is just a RnD code for understanding the concepts.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900