Hey guys,

I am pretty new to c# and have just developed a login client/server application.

I am coming from PHP programming environment and my question is now. Is there any similar function in c# as the SESSION variables in php?

Say i am logged out in my c# application then the login stuff shows. When i then login and gets an ok from the server how do you then set the application to show different stuff like friends logout etc.

I guess it sounds pretty confusing but i hope you understand my question :)

Best regards

You are using Windows Forms or ASP.NET?

In asp.net there is the Session object. That you can use like this:

Session["myVar"] = 10;
int myVar = (int)Session["myVar"];

If you are using windows forms and don't know if there is anything like that. But you could use static variables to do it.

You are using Windows Forms or ASP.NET?

In asp.net there is the Session object. That you can use like this:

Session["myVar"] = 10;
int myVar = (int)Session["myVar"];

If you are using windows forms and don't know if there is anything like that. But you could use static variables to do it.

Thanks for your answer.

I am using Windows Forms and not asp.net.

Is there a security risk with using variables to set what data should be shown? This client will be used by hundreds or maybe even thousand of people so it is pretty important that not just any kid can manipulate the code on the client to get other users data etc.

Best regards

There's no risk in this case. When you publish your project it'll be compiled and the source code won't be visible to the end user.

What someone could do is try to crack your application, but even then, they would not see your code but just the assembly generated by it.

What you must do is define the circumstances that the data will be shown and make sure that it's not possible for the user to "hack" those circumstances inside the app. I mean, you have to be careful in the spot you set the variables that will make the app show the data.

It would be risky with those variables were set from a form for example.

There's no risk in this case. When you publish your project it'll be compiled and the source code won't be visible to the end user.

C# and VB .Net compile to IL which is very easily decompiled back to code using tools such as Reflector. To help in securing IL code it must be obfuscated.
If any part of an application needs to be secure (e.g. encryption/decryption methods) then consider writing that bit in another language such as C or C++ and leave .Net for the user interface.
Google .Net obfuscation tools for more info.

Edited 5 Years Ago by nick.crane: n/a

C# and VB .Net compile to IL which is very easily decompiled back to code using tools such as Reflector. To help in securing IL code it must be obfuscated.
If any part of an application needs to be secure (e.g. encryption/decryption methods) then consider writing that bit in another language such as C or C++ and leave .Net for the user interface.
Google .Net obfuscation tools for more info.

Thanks but lets say for example that i creates a unique hash in the server which updates to the mysql database/client at a successful login. I then check everytime that data gets recv/send by the client that the hash compares okay. Theoreticly i think this should be fine but what do u think?

This article has been dead for over six months. Start a new discussion instead.