Jump to content

New Cache Info Lost

tossedsalad

By tossedsalad
in Website

Followers 2

Recommended Posts

fizzymagic

+fizzymagic

Posted
Posted
A session (as mentioned above) is stored on the web server (server) in an chunk of memory describing who the person is that is hitting the site. This information contains the User ID, Email Address and various other information about you. Each time you click a link or a button, the server verifies that you are currently logged in and have the correct permissions to view the page you are navigating to.

Doesn't have to be this way with asp.net, raine.

 

This exact situation is what the _VIEWSTATE variable that appears on all asp.net interactive pages is for. The session information can be kept on the client side, so that no server resources are required. If you look at the pages generated by geocaching.com, you will see the variable appear on most of them. Additionally, this field can be encrypted so it is opaque to the user.

 

This feature is probably the only thing that asp.net does better then (or even as well as) the competition. Since the geocaching.com site is implemented using asp.net, I recommend taking advantage of it.

Link to comment
Jeremy

Jeremy

Posted
Posted

No. I was hinting that it was a security issue. A page stored with all your login information now sits on who knows what machine. Someone restores that page and presses a button and voila! They're you!

 

Sure, you choose "remember me" for a cookie but that is your concious choice and something you can remove by logging out. A viewstate storing that data is not your choice.

 

Of course a better solution has already been recommended, so the point is moot. However, the viewstate does actually store your cache information for after you log back in. Nothing lost - huzzah!

Link to comment
Raine

+Raine

Posted
Posted

ViewState is added by the Server automagically. If I were to force something to be written to the viewstate I'd have to add that code everyplace I could think of it having to be written and retrieved.

 

Trust me when I say its harder then Fizzy is making it out to sound.

Link to comment
mini cacher

+mini cacher

Posted
Posted (edited)

Why is _VIEWSTATE there anyway? A little Greasemonkey script shows me all the hidden form variables and that one is pretty much always there. And during development of... uh... some stuff I was messing with... it was required to be passed around and it changed all the time (which was a huge PITA). It does something important, I just couldn't ever make any sense of it, with it all encoded. I guess its not session info, though with a name like "_VIEWSTATE" it seems like it would be.

 

ooops several posts slid in while I was typeing. Disregard anything already answered.

Edited by mini cacher
Link to comment
Jeremy

Jeremy

Posted
Posted
Why is _VIEWSTATE there anyway? A little Greasemonkey script shows me all the hidden form variables and that one is there pretty much always. And during development of... uh... some stuff I was messing with... it was required to be passed around and it changed all the time (which was a huge PITA). It does something important, I just couldn't ever make any sense of it, with it all encoded. I guess its not session info, though with a name like "_VIEWSTATE" it seems like it would be.

This is getting way off topic. Viewstate can be looked up on google.

Link to comment
mini cacher

+mini cacher

Posted
Posted

Sorry, I was just trying to follow along. Fizzymagic made it sound like it was a possible way to get what the OP was demanding. Thanks for the link raine.

 

Back on topic... I've personally never experienced the problem that the OP has explained. But perhaps that is because I use the "remember me" option and the external editor (mostly for spelling reasons but also for easy backup). But I won't ever stand in the way of progress, specially when it has no effect on me.

Link to comment
fizzymagic

+fizzymagic

Posted
Posted (edited)
No. I was hinting that it was a security issue. A page stored with all your login information now sits on who knows what machine. Someone restores that page and presses a button and voila! They're you!

Luckily, _VIEWSTATE can be encrypted on the server side so that it is opaque to the client. Microsoft did a reasonable job of the security on it.

 

But that is off track. Sorry for the derail.

 

I actually believe that the "problem" is really not a problem at all; a little note urging people to save their work would fix it easily. I cannot imagine working on a cache description for 40 minutes without either previewing it somewhere or saving it, either of which solves the problem.

Edited by fizzymagic
Link to comment
Jeremy

Jeremy

Posted
Posted
No. I was hinting that it was a security issue. A page stored with all your login information now sits on who knows what machine. Someone restores that page and presses a button and voila! They're you!

Luckily, _VIEWSTATE can be encrypted on the server side so that it is opaque to the client. Microsoft did a reasonable job of the security on it.

 

But that is off track. Sorry for the derail.

I'm not disagreeing with you there. It is the use of Viewstate to store login information that scares me when the page is stored on a machine. Session state at least expires on its own making the page worthless for validation.

Link to comment
Mopar

+Mopar

Posted
Posted
I actually believe that the "problem" is really not a problem at all; a little note urging people to save their work would fix it easily. I cannot imagine working on a cache description for 40 minutes without either previewing it somewhere or saving it, either of which solves the problem.

In which case the "problem" was already fixed ages ago!

 

killme6ip.jpg

 

"Problem" solved! Can we all go home now?

Link to comment
GeoJunkie

+GeoJunkie

Posted
Posted

Thanks, Jeremy, for taking the time to look at implementing what I know is a tough nut to crack! And thanks, raine, for spelling out the details of what happens when a session expires (those were the details I said I wasn't going into in an earlier post).

 

The ironic part was that the OP identified two problems: one about the 40 minute timeout and the other about how gc.com doesn't have a mechanism to remember you when you've logged in. He was wrong on the second count, and if he'd used the option, he wouldn't have the first problem! (Something I didn't realize until Jeremy pointed it out).

 

Sometimes people just need to pay attention to the site they're using.

 

OK, off my soapbox now. Thanks for letting an old web designer dust off some of his ASP knowledge! :ph34r:

Link to comment
Guest
This topic is now closed to further replies.
Followers 2
Go to topic listing
×
×
  • Create New...