Hi All,
I have a silverlight application that requires the user to login.
The problem is when you hit the refresh button on the web page it reloads the site, and requires the user to login again.
What I want it to do is act like ASP .NET where the user will remain logged in for 20 minutes even if they hit the refresh button.
What mechanism is ASP .NET using to achieve this? Does it use session variables for instance, and how does it expire after 20 minutes?
Thanks.
ASP.NET is doing this on the server side using various methods. The most simple, it could be cookies. Typically people use the session state feature. A sliding scale is used to store update times.
Though you could do it on Silverlight using something like isolated storage, it won't be secure: the isolated storage isn't encrypted and is on the local system, vs. with ASP.NET, where the server can store this information where it is secure.
As to what to store: you really don't want to. You should let your user log in, which hits a web service on the host. Then you just rely on the ASP.NET or other server-side authentication system. You could create a "perma-cookie", but that's just duplicating functionality that already works.
In addition to storing something in the IsolatedStorage you can also access the cookies used by the page. If you store an authentication token in your cookie then you can just pick it up from the silverlight app. This page and this page may get you started.