473,747 Members | 2,762 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

FormsAuthentica tion cookie refreshing

Dan
Hi,

I am trying to refresh the cookie to make sure the timeout is reset by
simply calling a blank page on my site. I am doing this because I have an
external site hosted in my web that isn't sharing the auth mechanism. I can
test this easily by simply having a hidden iframe and use a javascript call
to refresh my sites blank page every time the external site loads a page and
this does work fine, the cookie is refreshed as expected if half the
expiration time has expired.

My question is about using another way of doing the refresh. I had tried
using an XMLHttpRequest initially as it was a bit neater, but for some reason
this did not cause the cookie to be reset. I had thought that the forms auth
module would process the request regardless of how it was generated and thus
reset the cookie expiration if that was needed, but I guess I don't really
understand how XMLHTTPRequest really works at all! Can anyone help explain? I
mean does it not send the cookie in the first place or is something else
going on under the covers?

Thanks
Dan

Oct 6 '06 #1
3 2481
Without altering the forms auth model, it only extends time when a page is
hit, so XMLHTTP is out of the question, unless you are going to write an
elaborate scheme to update the actual client side cookie (which would
probably fail due to security concerns on the client). You could extend
timeout, of course, but there is an issue there.

Question is: Why do you have to contact this other site? Is it possible to
wrap the other sites data in a web service and bind on your original site?
If impossible, you will have to refresh an actual page. iFrame with a BS
page is one possibilty, but a complete reachitecture of the system is
probably in order (system as a whole, both sites).

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************** *************** *************** ****
Think outside of the box!
*************** *************** *************** ****
"Dan" <Da*@discussion s.microsoft.com wrote in message
news:43******** *************** ***********@mic rosoft.com...
Hi,

I am trying to refresh the cookie to make sure the timeout is reset by
simply calling a blank page on my site. I am doing this because I have an
external site hosted in my web that isn't sharing the auth mechanism. I
can
test this easily by simply having a hidden iframe and use a javascript
call
to refresh my sites blank page every time the external site loads a page
and
this does work fine, the cookie is refreshed as expected if half the
expiration time has expired.

My question is about using another way of doing the refresh. I had tried
using an XMLHttpRequest initially as it was a bit neater, but for some
reason
this did not cause the cookie to be reset. I had thought that the forms
auth
module would process the request regardless of how it was generated and
thus
reset the cookie expiration if that was needed, but I guess I don't really
understand how XMLHTTPRequest really works at all! Can anyone help
explain? I
mean does it not send the cookie in the first place or is something else
going on under the covers?

Thanks
Dan

Oct 6 '06 #2
Dan
thanks for the quick reply!

i need to contact this other site as it is a self contained application like
many of the sites that are connected to from our portal. it needs to appear
seamless to the user though i.e. as though it is all one app, hence the need
to keep the session alive for all hosted sites (all the others are in our
control so no probs there). the nature of the site is that a user may well
spend quite a reasonable amount of time doing stuff there and then need to
use another site, at which point the cookie may have expired.

what is a 'BS' page?

re-architecture is prob not an option as the other site does not belong
directly to us, although it must participate within our business process, but
out of interest, what other options would you have suggested if you had full
control?

cheers
dan
"Cowboy (Gregory A. Beamer)" wrote:
Without altering the forms auth model, it only extends time when a page is
hit, so XMLHTTP is out of the question, unless you are going to write an
elaborate scheme to update the actual client side cookie (which would
probably fail due to security concerns on the client). You could extend
timeout, of course, but there is an issue there.

Question is: Why do you have to contact this other site? Is it possible to
wrap the other sites data in a web service and bind on your original site?
If impossible, you will have to refresh an actual page. iFrame with a BS
page is one possibilty, but a complete reachitecture of the system is
probably in order (system as a whole, both sites).

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************** *************** *************** ****
Think outside of the box!
*************** *************** *************** ****
"Dan" <Da*@discussion s.microsoft.com wrote in message
news:43******** *************** ***********@mic rosoft.com...
Hi,

I am trying to refresh the cookie to make sure the timeout is reset by
simply calling a blank page on my site. I am doing this because I have an
external site hosted in my web that isn't sharing the auth mechanism. I
can
test this easily by simply having a hidden iframe and use a javascript
call
to refresh my sites blank page every time the external site loads a page
and
this does work fine, the cookie is refreshed as expected if half the
expiration time has expired.

My question is about using another way of doing the refresh. I had tried
using an XMLHttpRequest initially as it was a bit neater, but for some
reason
this did not cause the cookie to be reset. I had thought that the forms
auth
module would process the request regardless of how it was generated and
thus
reset the cookie expiration if that was needed, but I guess I don't really
understand how XMLHTTPRequest really works at all! Can anyone help
explain? I
mean does it not send the cookie in the first place or is something else
going on under the covers?

Thanks
Dan


Oct 9 '06 #3
Dan
one other question, sorry!

'Without altering the forms auth model, it only extends time when a page is
hit, so XMLHTTP is out of the question'

how is using xmlhttp to hit the aspx page different to using a normal
browser request i.e. in this case via iframe? wouldn't both calls appear the
same to the forms auth module?

cheers
dan

"Dan" wrote:
thanks for the quick reply!

i need to contact this other site as it is a self contained application like
many of the sites that are connected to from our portal. it needs to appear
seamless to the user though i.e. as though it is all one app, hence the need
to keep the session alive for all hosted sites (all the others are in our
control so no probs there). the nature of the site is that a user may well
spend quite a reasonable amount of time doing stuff there and then need to
use another site, at which point the cookie may have expired.

what is a 'BS' page?

re-architecture is prob not an option as the other site does not belong
directly to us, although it must participate within our business process, but
out of interest, what other options would you have suggested if you had full
control?

cheers
dan
"Cowboy (Gregory A. Beamer)" wrote:
Without altering the forms auth model, it only extends time when a page is
hit, so XMLHTTP is out of the question, unless you are going to write an
elaborate scheme to update the actual client side cookie (which would
probably fail due to security concerns on the client). You could extend
timeout, of course, but there is an issue there.

Question is: Why do you have to contact this other site? Is it possible to
wrap the other sites data in a web service and bind on your original site?
If impossible, you will have to refresh an actual page. iFrame with a BS
page is one possibilty, but a complete reachitecture of the system is
probably in order (system as a whole, both sites).

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************** *************** *************** ****
Think outside of the box!
*************** *************** *************** ****
"Dan" <Da*@discussion s.microsoft.com wrote in message
news:43******** *************** ***********@mic rosoft.com...
Hi,
>
I am trying to refresh the cookie to make sure the timeout is reset by
simply calling a blank page on my site. I am doing this because I have an
external site hosted in my web that isn't sharing the auth mechanism. I
can
test this easily by simply having a hidden iframe and use a javascript
call
to refresh my sites blank page every time the external site loads a page
and
this does work fine, the cookie is refreshed as expected if half the
expiration time has expired.
>
My question is about using another way of doing the refresh. I had tried
using an XMLHttpRequest initially as it was a bit neater, but for some
reason
this did not cause the cookie to be reset. I had thought that the forms
auth
module would process the request regardless of how it was generated and
thus
reset the cookie expiration if that was needed, but I guess I don't really
understand how XMLHTTPRequest really works at all! Can anyone help
explain? I
mean does it not send the cookie in the first place or is something else
going on under the covers?
>
Thanks
Dan
>
Oct 9 '06 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
4764
by: George Durzi | last post by:
When you call FormsAuthentication.SignOut(), is the FormsAuthentication cookie supposed to be destroyed automatically? I'm creating my FormsAuthentication cookie by doing: HttpCookie oCookie = new HttpCookie(FormsAuthentication.FormsCookieName, sTicket); where sTicket is an encrypted FormsAuthenticationTicket. When I create the FormsAuthenticationTicket, I set its isPersistent property to false.
2
2717
by: StanD | last post by:
At the end of my login process I am generating my own Persistent FormsAuthentication ticket. I encode this and set a cookie value. I then use Response.Cookies.Add(cookie), and I continue the login process. The cookie is not persisted across sessions and does not appear in the cookie list on the client. If I use SetAuthCookie persistence works. What am I missing here, in not getting the desired effect with my own ticket? --
4
1950
by: Jeff B | last post by:
I am having a very perplexing problem with setting the user's roles. I have tried to figure this out for 2 days now. When the user logs in to the site, I retrieve the roles from the database and create a semicolon delimited string listing the roles returned and store them in the forms authentication cookie. Then in the global.asax Application_AuthenticateRequest, I retrieve the FormsAuthenticationTicket from the forms authentication...
2
1814
by: Grant Merwitz | last post by:
Hi, i am using forms authentication in an ASP.NET project I am setting the Forms authentication cookie by using: FormsAuthentication.RedirectFromLoginPage(UserName.Text, false); Now when i review my trace on my page, there are two cookies created that look identical. When i FormsAuthentication.SignOut() they both dissappear. Any ideas as to why two cookies are created?
1
1995
by: Dean R. Henderson | last post by:
I setup FormsAuthentication on a couple websites where it has been working as expected for a long time. I used this code to setup the same type of authentication on a new website I am working on and the Cookie Name is not getting setup the same way. In my Web.config file, I use the following basic settings on both the old and new websites: <authentication mode="Forms"> <forms name="SiteAuth" loginUrl="Logon.aspx" protection="All"
5
4853
by: Ĺženol Akbulak | last post by:
Hello; I use in my web application FormsAuthentication. Also I use Session state (InProc). When a user logged in, I can read Session parameters. (For example Session). Problem is that, when user close the browser window then open a new browser, FormsAuthentication reads from cookie and user logs in. Althought user logged in, session parameter is null.
8
2645
by: Bill Henning | last post by:
Another developer and I have noticed that after upgrading to the ASP.NET 2.0 RTM release, when using: FormsAuthentication.SetAuthCookie(userName, true) That the cookie is no longer persisted, even though the flag is set to true in my call. This only started happening after upgrading from Beta 2 to RTM. Has anyone else seen this or does anyone else have a workaround? Thanks, Bill
3
7625
by: Noremac | last post by:
My google skills must be dwindling. I am trying to determine how in ASP.NET 2.0 I can get the ReturnUrl querystring variable in Forms Authentication to contain the absolute url. Just like others that have posed this question, we are an enterprise environment that has multiple websites across multiple servers and we are trying to setup Web SSO for our public internet site that will be accessible by our clients. ASP.NET seems to have...
2
2709
by: rn5a | last post by:
A web.config file has the following code: <configuration> <system.web> <authentication mode="Forms"> <forms name="NETConnectCookie" loginUrl="Login.aspx"> <credentials passwordFormat="SHA1"/> </forms> </authentication> </system.web>
0
8979
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8818
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9354
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
9223
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
1
6790
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
4860
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
3296
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2771
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
2203
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.