Hi
I have a number of applications and keep the userid of the user in the Session variable when he is in any one of them. Problem is that when he moves to another application , I dont want him to have to sign in again obviously so I need to the pass the info.
I could do it with query strings/ Response object but I think that will show the details to publicly.
How can I pass the infor without it being visible to the user?

Dougie
(Scotsman living in South Africa)

As I know, every authentication is known for its project & DLL.
But I guess u can control & check the use when he switch between projects & do authentication Job using ist Session!

HTH.

Always:),
Hovik Melkomian.

I have checked, and indeed the Session variables are wiped when it goes to a different project.
The question is really more about how to pass the variable to the new page without using query strings which show the info to all and sundry!
Thanks

Dougie

If the URL root is the same, you can use cookies to pass an authentication token (that you create yourself) among the applications.

If they are not- you have to pass the authentication token in plaintext over the query string.

The advantage of using a QUery TOken is you can use a GUID (for example) and use that to point into a database that holds the real authenticaion information. a GUID is complex enough that the user wouldn't be able to fake it to get access. You can timeout the token in the backend database to be valid for X time. (or X time after the last contact). This secures the information and gives you the "single signon" you need.



Hal Levy
Web Developer, PDI Inc.

NOT a Wiley/Wrox Employee