Maintaining a session through the full website

[moni]

Hi,

I was hoping I could get a help on this one. I am creating a simple
website, in which I have a login after which the user gets logged in
using a session variable where I append the ID,eg

http://localhost:3944/monisha/Experiments/Projects/Copy/ProfilePage.aspx?ID=1

But from this profile page, I have another search option to look for
other ppl in the database which is getting dispalyed on a page I am
redirecting this profile page to. But on redirecting it, I am loosing
my session id, and the website no longer recognizes that I had logged
in.

Also, I am allowing users to click on any1 else s profile, from the
displayed search results, after which , it will again loose its
Session id, coz I am redirecting it to the profile page which appends
the selected profiles id.

How do I maintain my session throughout the website , and be able to
record my id, and the other person s id, in 2 variables ??

Any help will be appreciated. Thanks alot!

 

[Ray Costanzo]

Store the ID of the person who successfully logged in just in the session.
Since you have it there, there is no reason to pass it in the querystring,
since it will be available in the session. When you need to get the ID of
the person who's logged in, get it from the session data.

Ray at work

 

[Cowboy \(Gregory A. Beamer\)]

Why are you reinventing the wheel? Microsoft has a session object already
and you can use the Membership Provider in ASP.NET 2.0 to authenticate and
authorize without creating a custom scheme. I am not saying there is never a
reason to do what you are doing, but it is insecure in your implementation.

 

[moni]

I havent ever done this before:
can u tell me , how should i store it in the session?

I am doing
String mId = dreader.GetInt32(0).ToString();
HttpCookie moId = new HttpCookie("ID",mId);
dreader.Close();
Response.AppendCookie(moId);
Response.Redirect("ProfilePage.aspx?id="+mId, true);

where mId is my session variable...wat would i need to do...in order
to maintain it?

How would i retrieve this value? as I am storing ids in my sql server
which i need as session ids?

 

[moni]

Store the ID of the person who successfully logged in just in the session.
Since you have it there, there is no reason to pass it in the querystring,
since it will be available in the session. When you need to get the ID of
the person who's logged in, get it from the session data.

Ray at work

Could you tell me, how I would retreive the session id on each page??