
Login screen - should we use cookies

I have a login screen, and upon successful login I will display a welcome screen. But the problem is that if I refresh the web page, I am taken back to the login screen. If I am successfully logged in, then if I refresh I should go to the Welcome page.

I did some research and found out that I should be using cookies to handle this. Are cookies the best approach, or is there any other way I could solve this?

Could someone please point me to a good tutorial that explains how to do this, or some sample code to start with?

Here is the MSDN on the FormsAuthenticationTicket class that is used for authorizing users to your application. This is the term that you want to ask about/Google for more information on user authentication.

The basic premise is that once you have authenticated a user, you issue an encrypted cookie that contains some basic information about that user. This cookie is what is used to prove the user is who they say they are, defines the login expiration times and allows you to authorize them to different resources in your application.

Words of Caution

With that said, if you are rolling your own authorization/login system, I highly encourage you to use the built-in .NET membership providers. There are many caveats to web authorization and authentication, and the likelihood that you leave a security hole open using your own code is extremely high.
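The flow described in this answer, as an added example that is not part of the original post: credentials are checked by the built-in membership provider, then an encrypted `FormsAuthenticationTicket` with a login expiration is issued as a cookie, and a refresh of the login page sends an already authenticated user to the welcome page. It assumes ASP.NET Web Forms with `<authentication mode="Forms">` in web.config and a configured membership provider; the control and page names (`UserName`, `Password`, `ErrorLabel`, `Welcome.aspx`) and the 30-minute lifetime are hypothetical.

```csharp
// Added illustration, not code from the original answer.
// Assumed: Forms authentication enabled in web.config, a configured
// membership provider, and hypothetical controls UserName, Password and
// ErrorLabel declared in Login.aspx, plus a hypothetical Welcome.aspx.
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

public partial class Login : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // On refresh the browser resends the ticket cookie. The forms
        // authentication module decrypts and validates it before the page
        // runs, so a signed-in user is sent straight to the welcome page.
        if (!IsPostBack && User.Identity.IsAuthenticated)
            Response.Redirect("~/Welcome.aspx");
    }

    protected void LoginButton_Click(object sender, EventArgs e)
    {
        // Credential check is delegated to the built-in membership provider.
        if (!Membership.ValidateUser(UserName.Text, Password.Text))
        {
            ErrorLabel.Text = "Invalid user name or password.";
            return;
        }

        // The ticket carries the user name and the login expiration.
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, UserName.Text, now, now.AddMinutes(30), // assumed lifetime
            false, string.Empty, FormsAuthentication.FormsCookiePath);

        // Encrypt() protects the ticket with the application's machine key.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                         // not readable from script
            Secure = FormsAuthentication.RequireSSL, // follows requireSSL in web.config
            Path = FormsAuthentication.FormsCookiePath
        };
        Response.Cookies.Add(cookie);

        // Fixed target rather than a caller-supplied return URL.
        Response.Redirect("~/Welcome.aspx");
    }
}
```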

Here are some other approaches that don't require cookies:

  • If you can use authentication provided natively by the browser (i.e. Windows, if your case is an intranet with a Windows domain), then you can base your decision on headers other than the cookie header (i.e. in the case of Windows auth you can use the "impersonate request as user" functionality) to see if the user is "logged in" to your system.
  • You can also set information on the local system in Local storage to say "this user is logged in" and then check on the login page if some other page needs to be rendered. This is not a secure approach, but it may be OK (as you still need to have some way to secure all other pages).
