My scenario is as follows. I have an MVC 4 application. On my controller I check the logged in user and password. (I think) I put user data in a session after the data is verified and correct.
My pages are cshtml (Razor). And I have a master page that will use the Session data to show the logged in user for example.
If the login data is not correct, the session will be empty and I will redirect to the login page.
Questions:
- How to open and close the session?
- How to set the idle time to close it?
- What it takes for the system to only allow direct access to the URLs after login and active session.
My login screen action after sending the data:
[HttpPost]
public ActionResult Index(UsuarioDTO dto)
{
UsuarioDTO ValidarLogin = null;
UsuarioDTO usuario = new UsuarioDTO();
usuario.Login = dto.Login;
usuario.Senha = dto.Senha;
negocio = new AeroJetNEGOCIO();
try
{
ValidarLogin = negocio.Login.LogarUsuario(usuario);
usuario = ValidarLogin;
Session["usuarioLogado"] = usuario;
return RedirectToAction("Index", "CadastroCliente");
}
catch (Exception e)
{
ViewBag.classe = "alert";
ViewBag.msg = e.Message;
return View();
}
}
OBS: This session that I include does not even know how it behaves. It was just an attempt.
This screen redirects to another Action from another Controller that is a screen for a user already logged in.
public ActionResult Index()
{
return View();
}
I do not know if I should put any code to validate the Session there. I need help with that part.
If you need the cshtml of the master page or the page that comes after the login I post.