
Hi, I've asked this over on the official asp.net forums as well, but thought it wouldn't hurt to ask here too.

First some background information (feel free to skip it)

I've only recently started learning asp.net web pages.

To start I picked up a few books that went through web security, register/login etc., using the WebSecurity class.

A while back I made my own website to sell/distribute my own software. This was done using php & mysql.

However, I've been wanting to update this as well as build a few more product-oriented websites, and just use the main site as a store.

I could do this in php but I would need to brush up on it first, which given my situation isn't the best use of my time. Lots of jobs ask for experience using asp.net as well as several years' programming experience, which is part of the reason I decided to try and develop my own software. But if it doesn't work out I'll need a job, which is why I started learning asp.net.

Now the problem

For my existing site I chose to generate a string of random letters and numbers to use as ids for products, customers etc. I do the same in my software as well, instead of using the auto increment in the data field, so id 1, 2, 3 etc.

Instead I have strings like a3hgt4ssf, 3243dfsa, sdas342d.

Initially things started okay, following the book and using WebSecurity along with the role provider to deal with logins, creating users, restricting access etc.

Then I found out I had to use the auto-incrementing ids. So I started creating my own web security and role provider based upon theirs, same functions etc.

But now I'm stuck. Initially I stored some data in cookies (loggedIn, customerid, username, no password), then I just checked for the is-login cookie. This was how the books did it when I first started learning web development, but I moved to software and haven't followed it too much over the years (lack of time).

Now I'm not sure if I should be using cookies (same as before) or not, or should I use sessions, which expire when the browser closes (as far as I know)?

My main concern is security. I'm using PayPal to process payments, so I think that makes it less of an issue, but still.

I'm also aware of the size of the .net framework, so I don't want to reinvent the wheel if features are already available to accomplish what I need.

Jamie89
  • So your actual question is about cookie / session expiry? ASP.NET will usually use cookies behind the scenes to make sessions work anyway, so there may not be any difference. Yes, you can set both sessions and cookies to expire immediately or after a configurable amount of time. – Rup Aug 30 '12 at 10:14
  • Well, it's more which should I use (probably didn't make that clear in the question :( ). Am I okay checking for the existence of cookies for my own login as I did before? So if logincookie, logged in, else redirect to login page. Or should I use sessions? Or is there something else I could/should use? – Jamie89 Aug 30 '12 at 10:28
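
As an added example (not part of the original post or its comments, and not ASP.NET's own code): a cookie whose mere presence means "logged in" can be set by any client, whereas a value carrying an HMAC computed with a server-side key cannot be invented or altered without the server noticing. `LoginToken`, `Issue` and `Validate` are hypothetical names, and the per-process random key is an assumption made so the program runs stand-alone.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for this example, not an ASP.NET API.
static class LoginToken
{
    // Assumption: a real site loads one fixed secret key from protected server configuration.
    static readonly byte[] Key = NewKey();
    static byte[] NewKey()
    {
        var k = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(k);
        return k;
    }
    static string Sign(string payload)
    {
        using (var h = new HMACSHA256(Key))
            return BitConverter.ToString(h.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }
    // Cookie value: customerId|expiryTicks|HMAC(customerId|expiryTicks)
    public static string Issue(string customerId, DateTime expiresUtc)
    {
        string payload = customerId + "|" + expiresUtc.Ticks;
        return payload + "|" + Sign(payload);
    }
    // Returns the customer id, or null if the value is forged, altered or expired.
    public static string Validate(string token, DateTime nowUtc)
    {
        int macAt = token == null ? -1 : token.LastIndexOf('|');
        if (macAt < 0) return null;
        string payload = token.Substring(0, macAt);
        string mac = Sign(payload), sent = token.Substring(macAt + 1);
        int diff = mac.Length ^ sent.Length;   // compare without exiting at the first mismatch
        for (int i = 0; i < mac.Length && i < sent.Length; i++) diff |= mac[i] ^ sent[i];
        int expAt = payload.LastIndexOf('|');
        long ticks;
        if (diff != 0 || expAt < 0 || !long.TryParse(payload.Substring(expAt + 1), out ticks)) return null;
        return nowUtc.Ticks > ticks ? null : payload.Substring(0, expAt);
    }
    static void Main()
    {
        DateTime now = DateTime.UtcNow;
        string token = Issue("a3hgt4ssf", now.AddMinutes(30));   // constructed sample id
        Console.WriteLine(Validate(token, now) ?? "rejected");                                   // genuine token
        Console.WriteLine(Validate(token.Replace("a3hgt4ssf", "3243dfsa"), now) ?? "rejected");  // id swapped by client
        Console.WriteLine(Validate("true", now) ?? "rejected");                                  // bare flag value
        Console.WriteLine(Validate(token, now.AddHours(1)) ?? "rejected");                       // past expiry
    }
}
```

ASP.NET's built-in forms authentication (`FormsAuthentication.SetAuthCookie`) already issues a protected ticket cookie of this kind, so a hand-rolled version is rarely needed.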

0 Answers