MVC User log in and sessions

My web application requires a user to be logged in to view any webpage on it.

When a user logs in I store, in sessions, their username and password for retrieval later on. This all works fine but, if I rerun my project it seems to skip past authentication and go straight to the controller for that action.

What I presume is happening is that FormsAuthentication.SetAuthCookie(userName, createPersistentCookie); is remembering that the user is logged in but my s开发者_StackOverflow社区essions aren't updated.

How can I trap this scenario and update my sessions accordingly?

There are many ways of going about it.

First, you can choose, not to persist the cookie. But this will still cause the exception if the session has not expired and you recompile your project. Recompiling the project destroys the session state.

Though putting the password in session state is not the preferred way of going about it, I am sure you would have a valid reason of doing it that way.

However, if you want to do it that way, you can override the Application_AuthenticateRequest event in Global.asax. This event fires every time a request comes in and you can check if the request is authenticated (using HttpContext.Current.User.Identity.IsAuthenticated) and repopulate the session state.

By the way, can you elaborate why you need to store the user password in session state?

If I am correctly understood the issue,you can have base action class so and move the authentication mechanism there.So for every request this base will be invoked so you can make sure that the authentication mechanism is not skipped.