Re: Session State vs. What?
From: David Lozzi (dlozzi_at_(removethis)delphi-ts.com)
Date: 07/21/05
- Next message: J-T: "Re: Please Help!-Trying to brows my asp.net application but I get a logon prompt-"
- Previous message: J-T: "Please Help!-Trying to brows my asp.net application but I get a logon prompt-"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Session State vs. What?"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Session State vs. What?"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: Session State vs. What?"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: Session State vs. What?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 21 Jul 2005 14:23:24 -0400
Interesting.... If I were to use the cache scenario, what would that look
like? How do I simply load it and read from it? I've never used cache
before.
Thanks!
David Lozzi
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:e%23EowqhjFHA.3540@TK2MSFTNGP14.phx.gbl...
> Yep, this is a good point. That is another good reason to use cache in
> this instance (which was what I was trying to suggest as his first choice
> approach).
>
> Sometimes session is the appropriate way to solve a state problem, but
> oftentimes it is not, especially given the host of other approaches
> available in ASP.NET.
>
> Thanks,
>
> Joe K.
>
> "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
> wrote in message news:628050632575659638047280@news.microsoft.com...
>> Hello Joe,
>>
>> the thing is that you don't have session state in AuthenticateRequest -
>> the SessionStateModule runs after FormsAuthentication...so you could use
>> Session but have to find a way to work around that.
>>
>> I personally don't like Session because it is slow (2-3 round trips per
>> page to the session store and you should only enable it on pages where
>> you need it, or set it to read only) and there is often a lot of
>> confusion about timeouts, especially when combined with FormsAuth.
>>
>> I would use the cache, and program defensively and just check everytime
>> for an invalidated cache.
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>
>>> In this case, you can use Session state (still works in .NET and has
>>> more options such as out of process) or the Cache.
>>>
>>> The cache has the advantage of being very fast. The idea with the
>>> cache is that you only use it for cacheable data that can be
>>> regenerated if it is not in the cache. You would not use it for
>>> critical data that the user has input as part of an ongoing process or
>>> something.
>>>
>>> So in your case, you might generate an IPrincipal for the user on
>>> their initial login and then put it in the cache. On subsequent
>>> logins, you would determine their identity and try to retrieve the
>>> IPrincipal from the cache based on the user name. If it is in the
>>> cache, then you just use it, if not, you regenerate it from your data
>>> source, add it back to the cache and use it.
>>>
>>> You could also do this with session state just as well, but you
>>> probably don't have to in this case unless there is data in this
>>> object that you really need for the whole session that can only be
>>> generated on the initial login or something.
>>>
>>> Those are my thoughts,
>>>
>>> Joe K.
>>>
>>> "David Lozzi" <dlozzi@(removethis)delphi-ts.com> wrote in message
>>> news:%23Z1RGPgjFHA.1464@TK2MSFTNGP14.phx.gbl...
>>>
>>>> Howdy,
>>>>
>>>> I just learned how to use Forms Authentication. yeah me! However, it
>>>> is quite limited as to how much information you can store and
>>>> retrieve from it. For example, in my past ASP and ASP.NET
>>>> applications I have used the session state to store a user's IS,
>>>> Fullname, security level, email and some other minor items. How is
>>>> that to be done without Session state?
>>>>
>>>> Here is one possible scenario I thought of: with the Forms Auth.
>>>> having the username, query the SQL database everytime a page is
>>>> loaded (or whenever necessary) to pull the user's information as
>>>> necessary. The bad side to this is that there will be 'unnecessary'
>>>> traffic on almost every page. Currently, for example, I do something
>>>> like so: If session("SecurityLevel") < 8 then
>>>> response.redirect("home.aspx"). Simple enough. With this scenario, I
>>>> would have to query the database first then return the security
>>>> level. More work for the server, no?
>>>>
>>>> Is there another way? Or is session state the best solution? I
>>>> remember reading a few posts that stated using the session state was
>>>> not a desired function due to overhead on the server, or something
>>>> like that. I can imagine the server would work harder querying the
>>>> database for a single number over storing a number in the session
>>>> state.
>>>>
>>>> I am trying to find the best solution moving forward, assuming
>>>> Session State is not it. I appreciate all of your input!
>>>>
>>>> David Lozzi
>>>>
>>
>>
>>
>
>
- Next message: J-T: "Re: Please Help!-Trying to brows my asp.net application but I get a logon prompt-"
- Previous message: J-T: "Please Help!-Trying to brows my asp.net application but I get a logon prompt-"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Session State vs. What?"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Session State vs. What?"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: Session State vs. What?"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: Session State vs. What?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
