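/// <summary>
/// Looks up the current user's profile through the <c>spGetUserProfile</c> stored
/// procedure and issues two cookies: <c>UserProfile</c> (key/value pairs, expires
/// in 10 hours) and <c>ASPUserCookie</c> (single text value for the classic ASP
/// screening pages, expires after <c>nSessionDuration</c> minutes).
/// </summary>
/// <remarks>
/// Per the original author's note, the profile cookie is requested on every page
/// requiring security, and a missing cookie redirects the user to the login page;
/// that check is not part of this method.
///
/// NOTE(review): both cookies are plain, unsigned values held by the browser. The
/// profile cookie carries authorization-relevant fields (UserGroups, Active,
/// StaffType) plus contact details, and ASPUserCookie is the constant "True".
/// Pages that read them should treat the values as untrusted input and re-derive
/// identity and group membership from a server-side session or a protected
/// (encrypted and MAC'd) ticket - confirm how consumers validate them.
/// </remarks>
public void SetProfileCookie()
{
    SQL_utils sql = new SQL_utils("tracking");

    // Clears only the server-side request collection for this request; it does
    // not delete any cookie already stored in the browser.
    HttpContext.Current.Request.Cookies.Clear();

    // Strip the domain prefix from the login id when it is present.
    string sUserName;
    if (this.LoginID.StartsWith(sDomain))
    {
        sUserName = this.LoginID.Substring(sDomain.Length);
    }
    else
    {
        sUserName = this.LoginID;
    }

    // Create the user profile cookie; this cookie will last longer than the
    // security cookie and contains information about the user.
    HttpCookie oCookie = new HttpCookie("UserProfile");

    // The original opened this connection and never closed it (the Close() call
    // was commented out as "OFF"), leaking one pooled connection per login.
    // The using block releases it on every path, including exceptions.
    // NOTE(review): the reader below comes from SQL_utils, not from oConn, so
    // this connection looks unused - confirm and remove it if so.
    using (SqlConnection oConn = new SqlConnection())
    {
        oConn.ConnectionString = ConfigurationManager.ConnectionStrings["TRACKING_CONN_STRING"].ToString();
        oConn.Open();

        // Dispose the reader as well; the original left it open.
        using (SqlDataReader oReader = sql.Reader_from_PROCname("spGetUserProfile", sql.CreateParam("UserName", sUserName, "text")))
        {
            if (oReader.HasRows)
            {
                // Only the first row is used.
                oReader.Read();
                oCookie.Values["StaffID"] = oReader["StaffID"].ToString();
                oCookie.Values["ActiveDirID"] = oReader["ActDirID"].ToString();
                oCookie.Values["StaffShortName"] = oReader["StaffShortName"].ToString();
                oCookie.Values["FullName"] = oReader["FullName"].ToString();
                oCookie.Values["StaffInits"] = oReader["StaffInits"].ToString();
                oCookie.Values["Title"] = oReader["Title"].ToString();
                oCookie.Values["Active"] = oReader["Active"].ToString();
                oCookie.Values["ApptStaff"] = oReader["ApptStaff"].ToString();
                oCookie.Values["Clinician"] = oReader["Clinician"].ToString();
                oCookie.Values["StaffType"] = oReader["StaffType"].ToString();
                oCookie.Values["DefaultStudyID"] = oReader["DefaultStudyID"].ToString();
                oCookie.Values["Status"] = oReader["Status"].ToString();
                oCookie.Values["EmailAddress"] = oReader["Email"].ToString();
                oCookie.Values["PhoneNumber"] = oReader["Phone_Work"].ToString();
            }
        }
    }

    // When the procedure returns no rows the cookie is still issued, holding
    // only UserGroups; consumers must not read its mere presence as a valid
    // profile.
    oCookie.Values["UserGroups"] = this.GetGroups();
    oCookie.Expires = DateTime.Now.AddHours(10);
    // Keep the cookie out of reach of page script and, on HTTPS requests, off
    // plain-HTTP connections.
    // NOTE(review): revisit HttpOnly if any client-side script reads this cookie.
    oCookie.HttpOnly = true;
    oCookie.Secure = HttpContext.Current.Request.IsSecureConnection;
    HttpContext.Current.Response.Cookies.Add(oCookie);

    // This section will create a cookie especially for the ASP pages in the
    // screening section of the site. ASP does not know how to handle series of
    // key/value pairs as cookie data so we just give them one text-based cookie.
    oCookie = new HttpCookie("ASPUserCookie");
    oCookie.Value = "True";
    oCookie.Expires = DateTime.Now.AddMinutes(nSessionDuration);
    oCookie.HttpOnly = true;
    oCookie.Secure = HttpContext.Current.Request.IsSecureConnection;
    HttpContext.Current.Response.Cookies.Add(oCookie);
}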