Hey guys, I'm not very familiar with asp.net (Doing this in c#) or session cookies for that matter, just the basics. Trying to store a list of items in a session cookie, then when needed, pull those items back out as a list to then use them in a MS SQL select query.

e.g. I create a list object, I add to it via url parameters (as they browse and add them), then I save the list in a session cookie...

List<string> itemNames = new List<string> {};
Session["myItems"] = itemNames;

now I have a list of objects in a cookie i'm assuming?
I later on get that cookie back into a public string via the code behind...

public List<string> names { get; set; }
    protected void Page_Load(object sender, EventArgs e)
        List<string> names = (List<string>)Session["myItems"];

...Not sure if those two ideas work to be honest
I am familiar with how to get a url parameter and make an SQL call through SqlDataSource...

    ConnectionString="<%$ ConnectionStrings:myDBname%>"
    SelectCommand="SELECT * FROM table WHERE itemID=@itemID">
        <asp:QueryStringParameter Name="itemID" DbType="" Direction="Input" QueryStringField="itemID" DefaultValue="" ConvertEmptyStringToNull="True" />

, but how can I set up multiple variables using my list of objects? e.g.

SelectCommand="SELECT * FROM table WHERE itemID=names[0] OR itemID=names[1] OR itemID=names[2]">

I plan to clean the url parameter beforehand to prevent code injection. Any ideas are much appreciated!

still working on this?


//adding data to session
//assuming the method below will return list of Products

var products=Db.GetProducts();

//Store the products to a session


//To get what you have stored to a session

var products=Session["products"] as List<Product>;

//to clear the session value