Hi,
We're having an issue with Forms Authentication cookies being treated as
expired / invalid, and being deleted. This is causing our intranet users a
great deal of pain
- Running IIS 5.0 on Win2k Server
- Forms Authentication is setup with a timeout value of 45 minutes in
web.config
- Session timeout is set to 45 minutes in web.config
In viewing the IIS logs, we an see a request for an aspx page (a POST) with
a response of 302. The log shows the cookies sent in with the request -
only 2, the ASP.NET_Session ID cookie and the Forms Authentication cookie,
which we named CSSAuth.
The next request coming is is a GET request for the Forms Authentication
login aspx page. The query string contains the url of the originally
requested page. In this request there is only one cookie - the
ASP.NET_Session ID cookie. The CSSAuth cooke is NOT THERE in this request.
In looking at the logs for NORMAL expired authentication redirects these
requests always contain the CSSAuth cookie, even though it is ezpired. In
the cases where users get redirected to login prior to authentication
timeout, the cookie is missing from the GET request issued in response to
the redirect.
Why is this authentication ticket cookie seen as invalid prior to timeout?
Why is this cookie being removed? What piece of code is responsible for
doing all this?
Scott L. 1 2469
We had the same problem, after lot of hunting, we found, running Antivirus
software causes the web.config, global.asax or the dll to be touched. The
causes the workerprocess to recycle and u loose all session. And this
happens randomly, and sessions dont last beyond 3 mins.
The best solution is using out of process session management. That is in an
sql server.
"Scott" <Sc*********@Un iversalComputer Sys.Com> wrote in message
news:Ot******** ******@TK2MSFTN GP10.phx.gbl... Hi,
We're having an issue with Forms Authentication cookies being treated as expired / invalid, and being deleted. This is causing our intranet users a great deal of pain
- Running IIS 5.0 on Win2k Server - Forms Authentication is setup with a timeout value of 45 minutes in web.config - Session timeout is set to 45 minutes in web.config
In viewing the IIS logs, we an see a request for an aspx page (a POST)
with a response of 302. The log shows the cookies sent in with the request - only 2, the ASP.NET_Session ID cookie and the Forms Authentication cookie, which we named CSSAuth.
The next request coming is is a GET request for the Forms Authentication login aspx page. The query string contains the url of the originally requested page. In this request there is only one cookie - the ASP.NET_Session ID cookie. The CSSAuth cooke is NOT THERE in this request.
In looking at the logs for NORMAL expired authentication redirects these requests always contain the CSSAuth cookie, even though it is ezpired.
In the cases where users get redirected to login prior to authentication timeout, the cookie is missing from the GET request issued in response to the redirect.
Why is this authentication ticket cookie seen as invalid prior to timeout? Why is this cookie being removed? What piece of code is responsible for doing all this?
Scott L.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: ElmoWatson |
last post by:
I tried on the Security newgroup, as well as other places, and haven't
gotten an answer yet - - I'm pulling my hair out over this one.
I'm trying to get Forms Authentication working.....I can get any requested
page to automatically go to the Login.aspx page, AND, the ReturnURL
querystring is correct in the address bar, but no matter what, I can't get
it, once the user is authenticated, to redirect to the new page. It ALWAYS
refreshes the...
|
by: Kris van der Mast |
last post by:
Hi,
I've created a little site for my sports club. In the root folder there are
pages that are viewable by every anonymous user but at a certain subfolder
my administration pages should be protected by forms authentication.
When I create forms authentication at root level it works but when I move my
code up to the subfolder I get this error:
Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
|
by: Joey Powell |
last post by:
Hello, I originally configured my application to use persistent
cookies in error. Now, I need to find a way to disable those cookies.
I have tried changing usernames and passwords for all of the users,
but that doesn't help - they can still access our site using their old
persistent cookies. How can I disable them and force the users to log
in again?
|
by: francois |
last post by:
hello,
I am using forms authentication and I would like that my authentication
cookie expires after let say 1 minutes (just for the exemple).
When I log in in my longon page, the user has to input a username, password
and the click a button to effectively login.
In the event handler for my button I have the following code:
// create authentication ticket and encrypt it
|
by: Jeff B |
last post by:
I am having a very perplexing problem with setting the user's roles. I have
tried to figure this out for 2 days now.
When the user logs in to the site, I retrieve the roles from the database
and create a semicolon delimited string listing the roles returned and store
them in the forms authentication cookie. Then in the global.asax
Application_AuthenticateRequest, I retrieve the FormsAuthenticationTicket
from the forms authentication...
| |
by: Archer |
last post by:
I was making a role-based authentication but it does't login with
correct password.
the HttpContext.Current.User recieved in Global.asax is always null.
Request.IsAuthenticated is always false.
in the cs files, i write the code below
protected void SubmitBtn_Click(Object sender, EventArgs e)
{
|
by: Steven M. |
last post by:
Greetings...
I need desperate help with my problem.
I guess the solution is related in some way with the cookies getting
lost in the authentication process working with some web servers.
Appreciate any help you could provide.
I've created an application that does the authentication process
|
by: Mark Olbert |
last post by:
I'm building an ASPNET2 website which uses forms authentication but does not use the Microsoft-supplied membership providers (mostly
because I don't want to create my own provider at this point, and the supplied stuff comes with a lot of baggage I don't want/need).
In ASPNET1.1 what I would do was something like the following, after authenticating the user on the login form:
FormsAuthentication.SetAuthCookie(userInfo.UserID, false);
...
|
by: =?Utf-8?B?TFc=?= |
last post by:
Hello!
I am just learning about forms authentication so please excuse this basic
question. I am using .NET 1.1 and C#.
I have created my web.config file and my login.aspx and the associated cs
file using
examples on MSDN. I have created a FormsAuthenticationTicket and cookie and
added the cookie to the response and then set the SetAuthCookie etc. When I
go to the redirected page, I am not sure how to read the cookie value so I
know who...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
| |
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |