Hello all , I have a web app with few web forms and I’m removed form authentication in web.config file.
May I know is it safe to use session variable to store logged user data ?
Ex: session(“loggeduser”) = “John”
session(“loggeduserID”) = “123”
What I have tried:
Up on user login with login page , I store userID and user name as session(“loggeduserID”) = “123”, then on each I’m checking if session(“loggeduserID”) is having a value. It will redirect to login page if there is no value .
Also session having a userID , it will check SQL database to check if there is an entry in database for the specific user for the specific form name .
Currently everything works smooth and ok , is it safe to use user authentication to each form with the value stored in session(“x”) ?