Using Session to handle Membership - Secure enough?

Cirene · Sep 16, 2008

My membership portion of my website is pretty simple - only Admin and 2
other roles.

I was thinking of using session vars store the login information? Such
as...
If Session("IsAdmin") then.... ' allow access to the page

If they login ok I would just set Session("IsAdmin") = True, etc...

Is using Session vars a secure enough way to do it? I know that I will not
be able to take advantage of the login control, etc...

(I am using MySql and it's been a pain trying to make it the provider to use
the built-in stuff.)

Thanks!

Steve C. Orr [MCSD, MVP, CSM, ASP Insider] · Sep 16, 2008

The short answer to your question is yes.

Of course security is a deep topic...

--
I hope this helps,
Steve C. Orr,
MCSD, MVP, CSM, ASPInsider
http://SteveOrr.net
http://iPhonePlaza.net

Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples.	2	May 5, 2023
membership	1	Jun 9, 2009
Put user in session using membership	1	Jun 5, 2008
Question about membership/security	1	Apr 30, 2008
Thoughts about using Session variables for login security?	3	Mar 5, 2008
Unable to login to membership database	1	May 10, 2010
membership provider	1	Aug 23, 2009
ASP.Net Membership & Roles Using MySQL- Basics Needed.	6	Apr 10, 2008

Using Session to handle Membership - Secure enough?

Cirene

Steve C. Orr [MCSD, MVP, CSM, ASP Insider]

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads