Greg,
That's exactly what's happening. When you are using Forms authentication
and an unpersistant cookie, the cookie is in-memory. Apparently, Internet
Explorer is sharing that memory space when the window is opened via the
shortcut icon or a Ctrl-N. This is expected when you are using Ctrl-N or
Window, New Window. Obviously if that didn't share session state with the
original window, it would be undesirable for an Internet developer. (That
would also mean that a client-side window.open or a _blank target attribute
would also lose session state.)
This is by-design, although it may be counter-intuitive at first and may
provide undesirable results at times. The solution in your case is to make
sure that your Forms authentication ticket expires within a relatively
short timeframe.
Jim Cheshire
Developer Support
ASP.NET
jamesche@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
--------------------[color=blue]
>From: "Greg Burns" <greg_burns@hotmail.com>
>References: <#TWEU8gUDHA.2284@TK2MSFTNGP11.phx.gbl>[/color]
<oswAdEoUDHA.2152@cpmsftngxa06.phx.gbl>
<#E1jsNRVDHA.2104@TK2MSFTNGP10.phx.gbl>
<OFQmsOUVDHA.2000@cpmsftngxa06.phx.gbl>[color=blue]
>Subject: Re: forms authentication not authenticating
>Date: Mon, 28 Jul 2003 17:18:11 -0400
>Lines: 112
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <e$NgB3UVDHA.3232@tk2msftngp13.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>NNTP-Posting-Host: 146.145.213.7
>Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftn gp13.phx.gbl
>Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:162771
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>You can do the same thing by opening a browser window, then opening a a new
>window from it (CTRL-N).
>
>I am sure this is just the way it works, but it was confusing at first. Am
>I correct in saying, it is because all these windows are sharing the same
>session ID, hence the same authentication cookie? (I can see that they
>are.)
>
>I guess, double-clicking on a shortcut to a web site does the same thing as
>a CTRL-N. Ie., it does not launch a new session. Bummer.
>
>Thanks,
>Greg
>
>
>"Jim Cheshire (MS)" <jamesche@online.microsoft.com> wrote in message
>news:OFQmsOUVDHA.2000@cpmsftngxa06.phx.gbl...[color=green]
>> Hi Greg,
>>
>> I can reproduce this issue easily. I am looking into it for you.
>>
>> Jim Cheshire
>> Developer Support
>> ASP.NET
>>
jamesche@online.microsoft.com
>>
>> This post is provided as-is with no warranties and confers no rights.
>>
>> --------------------[color=darkred]
>> >From: "Greg Burns" <greg_burns@hotmail.com>
>> >References: <#TWEU8gUDHA.2284@TK2MSFTNGP11.phx.gbl>[/color]
>> <oswAdEoUDHA.2152@cpmsftngxa06.phx.gbl>[color=darkred]
>> >Subject: Re: forms authentication not authenticating
>> >Date: Mon, 28 Jul 2003 10:20:37 -0400
>> >Lines: 55
>> >X-Priority: 3
>> >X-MSMail-Priority: Normal
>> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>> >Message-ID: <#E1jsNRVDHA.2104@TK2MSFTNGP10.phx.gbl>
>> >Newsgroups: microsoft.public.dotnet.framework.aspnet
>> >NNTP-Posting-Host: 146.145.213.7
>> >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP10.phx.gbl
>> >Xref: cpmsftngxa06.phx.gbl[/color][/color]
>microsoft.public.dotnet.framework.aspnet:162604[color=green][color=darkred]
>> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>> >
>> >I did some more testing.
>> >
>> >Try this to duplicate the problem:
>> >
>> >Open a site that uses forms authentication. In my test I am using the
>> >IBuySpy portal.
>> >
>> >
http://www.asp.net/IBS_Portal/DesktopDefault.aspx
>> >
>> >Create account and sign in (do not check the remember login box).[/color][/color]
>Creating[color=green][color=darkred]
>> >a shortcut on desktop (I think this is the important piece.) to the web
>> >site.
>> >
>> >Close all browser windows.
>> >
>> >Open a new browser window to something (say
www.yahoo.com)
>> >
>> >Leave that window open, double click on the shortcut to IBuySpy portal.
>> >Sign-in again. Close browser, leaving Yahoo open in first browser.
>> >Double-click shortcut to IBuySpy again. Notice, you are still logged[/color][/color][/color]
in![color=blue][color=green][color=darkred]
>> >Close window, repeat ad nauseam. :^)
>> >
>> >Thanks,
>> >Greg
>> >
>> >
>> >
>> >"Tian Min Huang" <timhuang@online.microsoft.com> wrote in message
>> >news:oswAdEoUDHA.2152@cpmsftngxa06.phx.gbl...
>> >> Hi Greg,
>> >>
>> >> It is really strange since the browser has no relation to the asp.net[/color][/color]
>web[color=green][color=darkred]
>> >> application. Anyway, please check out your web.config file to see if[/color]
>> there[color=darkred]
>> >> is anything wrong.
>> >>
>> >> Also, I suggest you try the steps in this article to create a form[/color][/color]
>based[color=green][color=darkred]
>> >> authentication asp.net web app. Please test on this new web app to see[/color][/color]
>if[color=green][color=darkred]
>> >> you could repro the problem.
>> >> "HOW TO: Implement Forms-Based Authentication in Your ASP.NET[/color][/color]
>Application[color=green][color=darkred]
>> >> by Using Visual Basic .NET"
>> >>
http://support.microsoft.com/?id=308157
>> >>
>> >> Regards,
>> >>
>> >> HuangTM
>> >> Microsoft Online Partner Support
>> >> MCSE/MCSD
>> >>
>> >> Get Secure! ¨C
www.microsoft.com/security
>> >> This posting is provided Ħ°as isĦħ with no warranties and confers no
>> >rights.
>> >>
>> >>
>> >
>> >
>> >[/color]
>>[/color]
>
>
>[/color]
forms authentication not authenticating 
