I have an existing site that I grabbed, and right now it is storing the current user id (if registered at all) in the session variable, otherwise I'm sure it is an empty string or zero or something else).
Now the client wants someone to log in to “save” them on this computer for an indefinite period of time.
ASP.net sessions have a maximum downtime of 1 day, I suppose. The website is not written so well that in the Flash part (the entire front end is the flash), and the flash processes the login, and then, until the flash restarts, assume that the user is still “logged in”.
I think my solution is also to store a client-side cookie with some GUID and store the associated user ID in the database ... like a session that never expires. Therefore, when the page is loaded, I can check my cookie, use it to select the user ID from the database, and if we find it, then set the value of the session, which says that user 23 is registered.
Does anyone see any problems with this perspective? Would you recommend something else? I really don’t want to reorganize a bunch of existing code, but just sum it up from above ...
PS - Security is not really a concern. The only reason they have people is because we can track a person’s orders, but no money goes through this site. There is also no personal information that the user can view or edit.
source
share