How to save session variables in Sql server in "ASPState" database

Question

0.00/5 (No votes)

See more:

, +

Hi,

When i run this code, user can login.
I have Following Questions (doubts):

1) Without Global.asax file, can we directly declare session variable?
2) the session variable will be automatically stored in the 'ASPStateTempSessions' table?
3)When I open the table 'ASPStateTempSessions' to see session variable, Why there will be no rows?
4)Are session variables automatically 'serialized' before storing into 'ASPStateTempSessions' ? or we need to 'serialize' session in code?

Last Question: 5) Once we log out of the Application, will session variables stored inside SQl server gets deleted automatically?

Kindly suggest me friends..

Please..

Following is my Source code:
--------------------------------

C#

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;
using System.Data.SqlClient;
using System.Data;
using System.Configuration;

public partial class _Default : System.Web.UI.Page
{
    string st = ConfigurationManager.ConnectionStrings["SQLCONN"].ToString();
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void cmdLogin_Click(object sender, EventArgs e)
    {
        try
        {
            using(SqlConnection cn=new SqlConnection(st))
            {
                cn.Open();
                string sql="select * from TLoginUsers where Uname='"+Txtusername.Text.Trim()+"' and Upasswd='"+txtPasssword.Text.Trim()+"'";
                using (SqlCommand cm = new SqlCommand(sql, cn))
                {
                    using(SqlDataAdapter DA=new SqlDataAdapter(cm))
                    {
                        using(DataSet DS=new DataSet())
                        {
                            DA.Fill(DS);
                            if (DS.Tables[0].Rows.Count > 0)
                            {
                                string k = DS.Tables[0].Rows[0][1].ToString();

                                FormsAuthentication.RedirectFromLoginPage(DS.Tables[0].Rows[0][1].ToString(), true);
                                Session["username"] = DS.Tables[0].Rows[0][1];
                                Response.Redirect("ValidUserPage.aspx");
                            }
                            else
                            {
                                lblErrorMsg.Text = "invalid username/password. User authentication failed";
                                FormsAuthentication.RedirectToLoginPage();
                            }
                        }
                    }

                }

            }
        }
        catch (Exception ex)
        {
            lblErrorMsg.Text = ex.Message;
        }
    }
}

and below is my Web.config's Code:
-------------------------------------

XML

<configuration>
  <connectionStrings>
    <add name="SQLCONN" connectionString="Data Source=cub-33\sqlexpress;Initial Catalog=KIRAN;Integrated Security=True"/>
  </connectionStrings>
    <system.web>
    <sessionState mode="SQLServer" timeout="300" sqlConnectionString="server=.;Integrated Security=true" cookieless="false">
    </sessionState>
    <authentication mode="Forms">
      <forms loginUrl="LoginPage.aspx" timeout="120" slidingExpiration="true">
      </forms>
    </authentication>
        <compilation debug="true" targetFramework="4.0">
            <assemblies>
                <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
                <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
                <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>
    </system.web>
</configuration>

Posted 4-Aug-15 4:33am

Kiran2401

Updated 4-Aug-15 4:50am

v2

Add a Solution

Comments

ZurdoDev 4-Aug-15 10:42am

1. You can set and get Session variables anywhere, in any page, not just in global.asax. In fact, global.asax is not a good place to touch the session.
2. If you configure your sessionstate in web.config to store in the db, yes.
3. Is this a question?

Kiran2401 4-Aug-15 10:46am

Hi RyanDev,
Thanks for considering my post.
3) Yes, the question is: When i look for what session value is stored in database , (i mean, in 'ASPStateTempSessions' table) why there are no rows are shown?
Are they hidden? or they are serialized automatically?

ZurdoDev 4-Aug-15 10:49am

If there are no rows either there is no active session or you have not configured web.config properly.

Richard Deeming 18-Aug-15 8:53am

Your code is vulnerable to SQL Injection[^].

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Kiran2401 19-Aug-15 10:03am

Oh yes, Thanks Richard; It is just a RnD code for understanding the concepts.

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)