Asp.Net Session used in Login Application


This is My First Article in DNS. This article gives you a short idea about a How to use Session in ASP.Net Applications.This article will give you a How to use session in Web Application.State Management using session is one of the asp.net best features, because it is secure, transparent from users and we can store any kind of object with in it.

Introduction


In this Article, I have used Session in My ASP.Net Login web Page. This Application is Secure Web Page. See How to store username and password in session and Retrieve values from Session. Please provide your valuable Input and feedback.

Session


Session is used to passing data between two pages. It is stored in Server Memory
Session is one of the best features in asp.net. it is maintain a user information.

Advantages of session :
Session is used to maintain user states and data to all over the application.
Session is easy to use and store any kind of object like dataset.
Session Stores every client data separately in server memory with session id.
Session is secure and transparent from user.

Disadvantages of Session:
Performance will decrease when we use large volume of user, because session value stored in server memory.

Here I am getting username and password from database and stored in session.
Example

SqlDataReader dr;
dr = Cmd.ExecuteReader();
while (dr.Read())
{
Session["Username"] = dr["UserName"];
Session["Password"] = dr["Password"];
}

Here see how we can retrieve values from Session and display in label.
If the session value is null, it will redirect to Login.aspx for user login.
If the session has value, the label will display the username.

if(Session["UserName"]!= null)
{
lblUser.text = Session["UserName"].ToString());
}
else
{
response.redirect(“Login.aspx”);
}

In this application has two pages Login.aspx and Default.aspx.I have used Two Textbox (txtUsername txtPassword) and one Button btnLogin in Login.aspx and retrieve session value in Default.aspx.Once Login button is clicked, it will check the username and password match with database. It is matching, the user information stored in session and redirect to default.aspx page.

Use Following code in Button click Event(Login.aspx.cs).
Server Code

protected void btnLogin_Click(object sender, EventArgs e)
{
SqlConnection cnn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionStr"].ConnectionString);
string Query;
Query = "SELECT * FROM tblUsers WHERE UserName='" + txtUserName.Text + "'" + " and Password='" + txtPassword.Text + "'";
cnn.Open();
SqlCommand Cmd = new SqlCommand(Query, cnn);
SqlDataReader dr;
try
{
dr = Cmd.ExecuteReader();
while (dr.Read())
{
Session["Username"] = dr["UserName"];
Session["Password"] = dr["Password"];
Response.Redirect("Default.aspx");
}

if (!dr.Read())
{
lblMsg.Text = "InCorrect Username and Password";
}
}
catch
{
cnn.Close();
Label1.Text = "InCorrect Username and Password";
}
finally
{
cnn.Close();
}
}

Use Following Code in Default.aspx (retrieve the Session Value)

protected void Page_Load(object sender, EventArgs e)
{

if(Session["UserName"]!= null)
{

Response.Write(" Hi "+ Session["UserName"].ToString());
}

}

if we want to kill or destroy the session value in your web page use Session.abandon.In button click event you can give Session.abandon(); kill the user. And we can set the time for session. I am using InProc in session mode. It is stored in IIS in Server.

<sessionState mode="InProc " timeout ="20"></sessionState>

In web.config we have to Configure the connectionstring and set session timeout 20.
In connectionStrings

<connectionStrings>
<add name="ConnectionStr" connectionString="data source=Surendhar;database=Production;uid=sa;pwd=tiger;"
providerName="System.Data.SqlClient"/>
<system.web>
<sessionState mode="InProc " timeout ="20"></sessionState>
</system.web>

Session provides that facility to store information on server memory. It is used to passing data between two pages.

Finally you can create secure web login page in ASP.NET using Session.
I think it will help you. Thanks for reading My Article.

Happy Coding....


Comments



  • Do not include your name, "with regards" etc in the comment. Write detailed comment, relevant to the topic.
  • No HTML formatting and links to other web sites are allowed.
  • This is a strictly moderated site. Absolutely no spam allowed.
  • Name:
    Email: