asp.net mvc 4 - Storing user authentication in Session -
when user logs site:
session["user"] = new user(name); to see if visitor page logged in:
if(session["user"] != null) { //session["user"].name logged in! } is secure? client have way of modifying session variables?
please see answer here.
the short answer is: forms authentication more secure.
Comments
Post a Comment