Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
(untagged)

ASP.NET Session Login Without Cookies

0.00/5 (No votes)
11 Aug 2003 1  
Easiest way to authenticate users without cookies.

Introduction

The following describes the easiest way I have found to force users to log into an ASP.NET website for each session but not require them to accept cookies. You must do the following things.

  1. Create a Web.config file with the appropriate entries to allow session state management.
  2. Create a well formed Global.asax file with the code below included in it.
  3. Create a login page to authenticate users against a database or whatever method you desire.

Code usage

Required Code in the Global.asax

' Fires when the session is started and sets the default loggedin state to ""

Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
Session("Loggedin") = ""
CheckLoggedIn()
End Sub
' Called when the request has been process by the Request Handler and 

' HttpSessionState is available [This is the key piece of code that forces 

' the user is login check with each page request]

Sub Application_OnPostRequestHandlerExecute()
CheckLoggedIn()
End Sub
'Check that the user is logged in.

Sub CheckLoggedIn()
'If the user is not logged in and you are not currently on the Login Page.

If Session("LoggedIn") = "" And InStr(Request.RawUrl, "Login.aspx") = 0 Then
Response.Redirect("~/Login/Login.aspx")
End If
End Sub

Finally create a Login.aspx file that authenticates the user. If the user is allowed in, set: Session("Loggedin") = "Yes"

That's all there is to it. Hope this helps! Enjoy!

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here