Using a session variable in authentification within asp.net mvc 4 application

Question

i have an asp.net mvc4 application, in which i have this class:

public class Internaute {
  public int Id { get; set; }
  public string Name { get; set; }
  public string Login { get; set; }
  public string Password { get; set; }
}

then, when a user connect, i get its informations by storing it in a session variable like this:

Session["user"] = myInternaute;

And i used these informations ,for example, like this:

@{
  Internaute myInternaute = (Internaute)Session["user"];
  string login = myInternaute.Login;
  string pwd = myInternaute.Password;
}

I test the autorization of the user to acces by

Internaute myInternaute = (Internaute)Session["user"];
   if(myInternaute == null) return RedirectToAction("Index");

So i have these questions:

1. Is it a good way to proceed by a session variable?
2. Is there another idea to do this, because the session were lost.
3. Does this idea have some advantages?

Thanks,

Answer 1

Is it a good way to proceed by a session variable?

Yes your code looks good except you should check for null whenever you get the value from Session to make sure its not null. Also, do you really need Password stored in session? Its not a good idea to store it as string in Session.

Is there another idea to do this, because the session were lost.

If I understand your question correctly, yes your session data will be lost on Session timeout. If you want you can increase the session timeout in the web.config file.

Does this idea have some advantages?

You will have some basic data about the user readily available in Session instead of querying the database but you should make sure that the Internaute class remains lightweight.