Session State vs. What?
From: David Lozzi (dlozzi_at_(removethis)delphi-ts.com)
Date: Thu, 21 Jul 2005 10:52:08 -0400
I just learned how to use Forms Authentication. yeah me! However, it is
quite limited as to how much information you can store and retrieve from it.
For example, in my past ASP and ASP.NET applications I have used the session
state to store a user's IS, Fullname, security level, email and some other
minor items. How is that to be done without Session state?
Here is one possible scenario I thought of: with the Forms Auth. having the
username, query the SQL database everytime a page is loaded (or whenever
necessary) to pull the user's information as necessary. The bad side to this
is that there will be 'unnecessary' traffic on almost every page. Currently,
for example, I do something like so: If session("SecurityLevel") < 8 then
response.redirect("home.aspx"). Simple enough. With this scenario, I would
have to query the database first then return the security level. More work
for the server, no?
Is there another way? Or is session state the best solution? I remember
reading a few posts that stated using the session state was not a desired
function due to overhead on the server, or something like that. I can
imagine the server would work harder querying the database for a single
number over storing a number in the session state.
I am trying to find the best solution moving forward, assuming Session State
is not it. I appreciate all of your input!