How to maintain User-session with ASP.NET MVC

Hey folks, I would like to know is there any way i can maintain stuffs like log-in,log-out,user-sessi开发者_C百科on..etc without using membership in ASP.NET MVC?

Faraaz.

There are three provider models concerned with the areas that you are referring to.

The MembershipProvider is concerned with authentication, validating users and storing data related to the user such as last login date, username, etc.

The RoleProvider is concerned with authorising users for particular areas of your application.

The SessionStateProvider is concerned with storing session for your application.

You can write your own custom provider for any of them if the default providers are not suitable. You could roll your own authentication, authorisation, or session management without the providers, however there would be quite a bit of work involved more so than implementing your own custom provider.

You can use the Session object to store session scoped data.

But for authentication/authorization you will need to come up with your own scheme.

You need to use the Session dictionary and a session state server. See http://msdn.microsoft.com/en-us/library/ms178581.aspx for more info.

Word of warning: In my experience the InProc session state mode only preserves the values you put into Session for the lifetime of the current HTTP request. They don't persist across requests as you might expect, even when you're using a single HTTP server and you'd think in-memory storage would persist. This may only occur while debugging using the built-in http server in VS2010, but even so it can cause you a lot of trouble trying to understand why state information isn't being saved.