Security based on session, what's wrong?
From: Matt (none_at_none.com)
Date: 04/27/05
- Next message: Aleksandr Sliborsky: "RE: EventLogPermission via caspol.exe"
- Previous message: poz: "Re: Webapplication Login and RSA API"
- Next in thread: Brock Allen: "Re: Security based on session, what's wrong?"
- Reply: Brock Allen: "Re: Security based on session, what's wrong?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 27 Apr 2005 10:54:10 +0200
Hello,
I'm working on a portal derived from IBuySpy, and I have changed
I check username and pwd against a database, then I make a
Session["User"]= UserID (the ID I get from the database, if it
exists).
Now I create all the pages based on that ID stored in a session
variable.
If that user is authorized to see a certain tab, module or content,
the page is created that way. All the auth info (user/contents) are
stored in another database table.
Everything works fine without use fo forms authentication.
Is there something wrong with it? should I use forms authentication?
why?
Thanks,
Mattia
- Next message: Aleksandr Sliborsky: "RE: EventLogPermission via caspol.exe"
- Previous message: poz: "Re: Webapplication Login and RSA API"
- Next in thread: Brock Allen: "Re: Security based on session, what's wrong?"
- Reply: Brock Allen: "Re: Security based on session, what's wrong?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
