Profile variables in asp.net tracking session with login control?

I have been making a web site with a cart in开发者_运维知识库 asp.net using visual studio 2010. My question is concerning the Profile variable and Login Control.

I followed a pretty straight forward tutorial to add a cart to my site.

1: Shopping Cart Example

As you can see in the shopping cart tutorial, the author used a Profile to keep track of the cart.

When I was making this, I had expected the cart to stay the same with each different user login since we were using a profile and not a session variable. Fortunately, the cart would in fact reset as I logged in as different users with the login control.

So my question is, how is the Profile keeping track of the cart for each user. I'm almost certain that the login-control does not set a session variable, so I don't think the Profile object is auto-detecting a different user from the login-control... is it?

Please help me understand this, the author isn't quite clear.

Thanks a lot!

Basically the way it works is by using the authentication information to identify the user. So when a request comes in from an authenticated user the framework uses the username (typically in the form of an authentication cookie) to load the profile information into the current request.

In the case of the example you provided because the author is using <anonymousIdentification enabled="true"/> which allows for profile information to be available for anonymous users as well.

When an anonymous user makes a request, the AnonymousIdentificationModule module creates a GUID and writes it into a persistent cookie named .ASPXANONYMOUS. This GUID will act as the username for the purpose of the ProfileProvider.

the important part of the code that brings together the cart and the Profile is at the very end (happens behind the scenes for every login):

void Profile_OnMigrateAnonymous(object sender, ProfileMigrateEventArgs e)
{
    ProfileCommon anonymousProfile = Profile.GetProfile(e.AnonymousID);
    if (anonymousProfile.SCart != null)
    {
        if (Profile.SCart == null)
            Profile.SCart = new ShoppingCartExample.Cart();

        Profile.SCart.Items.AddRange(anonymousProfile.SCart.Items);

        anonymousProfile.SCart = null;
    }

    ProfileManager.DeleteProfile(e.AnonymousID);
    AnonymousIdentificationModule.ClearAnonymousIdentifier();
}

You can read about Profiles etc on MSDN - for example: http://msdn.microsoft.com/en-us/library/ewfkf772.aspx

This is not quite entirely true about session. Sessions are used in a way to store certain information about logged in users. However information about logged in user (as set by asp:Login control after successful login) is also stored in a principal which you can access from HttpContext.Current.User object. Another location where information about users is stored is in the cookie named .ASPXAUTH cookie. So there are couple of locations from which user information can be retrieved. But Profile will rely on an object of type IPrincipal. As for the anonymous users, Peter Mourfield gave you a good answer so I will not repeat his words.