Click here to Skip to main content
15,558,672 members

Comments by Jason Henderson (Top 1 by date)

Jason Henderson 22-Apr-16 14:11pm View    
Generally, you would not store authentication info (email, pwds, etc) in session variables. You take that info, authenticate with it, and then create a token with their CSPID and other identity info which could include how to connect to the database. The token could be an encrypted JSON string or XML (when passing it around) that you can decrypt on the server side to easily get out the info you need.

As far as keeping the connection open, I think you need to figure that out by your needs. I would say close it for every query, but it you need it multiple times in the same page or server side code, then cache it if instantiating the connection is too slow. You could try connection pooling as well.