Hi,
If I understood you right, you are wanting to hold the session of a user logged into a web site that may have sensitive data?
If I was to be tasked with designing this sort of system with ASP.NET, I would probably be doing the following:
- User login controlled by FormsAuthentication with a secure cookie
- Forms ticket to hold a unique number to reference a database entry
- Database backend linked by forms ticket data to user data and preferences
- Master pages or subclassing the Page class to rebuild the user data on page load
That way, once a user is logged in, all their data can be held securely, only a reference to the data is stored in the encrypted cookie, and you get a warm rosy glow knowing you have protected your customers' data.
Si
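
The design described in the post above, as an added example that is not part of the original post. `UserProfile`, `IUserSessionStore`, `LoginHelper` and `SecurePage` are hypothetical names, the store's database implementation is assumed, and pages are assumed to inherit from `SecurePage` instead of `Page`:

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

public class UserProfile { public string UserName; public string DisplayName; }

// Hypothetical store backed by the database table that holds the user data.
public interface IUserSessionStore
{
    string Create(string userName);      // returns a new random reference
    UserProfile Find(string reference);  // null if unknown, expired or revoked
}

public static class LoginHelper
{
    // Call only after the credentials have been verified.
    public static void IssueTicket(HttpResponse response, IUserSessionStore store, string userName)
    {
        string reference = store.Create(userName);  // the only user data placed in the cookie
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(20),
            false, reference, FormsAuthentication.FormsCookiePath);
        response.Cookies.Add(new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,  // not readable from script
            Secure = true     // sent over HTTPS only
        });
    }
}

public abstract class SecurePage : Page
{
    public static IUserSessionStore Store;  // assumed to be assigned at application start
    protected UserProfile CurrentUser { get; private set; }

    protected override void OnLoad(EventArgs e)
    {
        // Rebuild the user data from the reference carried in the decrypted ticket.
        var identity = Context.User == null ? null : Context.User.Identity as FormsIdentity;
        CurrentUser = identity == null ? null : Store.Find(identity.Ticket.UserData);
        if (CurrentUser == null)
        {
            FormsAuthentication.SignOut();
            FormsAuthentication.RedirectToLoginPage();
            Response.End();  // RedirectToLoginPage does not end the request itself
        }
        base.OnLoad(e);
    }
}
```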