skip to Main Content

Sites like ebay and amazon.com Know who you are with a message like

Hello, Bob. Please log in.

… but they also know you haven’t authenticated yet for this session. What is the best way to implement this in an ASP.NET application using the Membership API/Framework? I can think of a few ways to go here, but my primary concern is to not compromise security in the name of convenience or apparent cleverness.

Special bonus question: is there a commonly used term that describes this session state (e.g., identified but not authenticated)

2

Answers


  1. I suspect the way most sites do it is with a cookie storing your “Name” and then they read and display this information on the page

    Login or Signup to reply.
  2. They do this with a cookie. No private information is needed other than the first name, or a unique identifier for a database lookup.

    I think “identified but not authenticated” says it all…

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search