I have built a web app that uses forms authentication. There isn't a
"remember me" feature (i.e. the authentication cookie is not permanent).
When you close the browser, and open a new one, you must log in again. This
is the behavior I expected.
I just discovered that if I have a browser window open (to anything) prior
to opening my web app in a new browser window, it appears to share session
information. I can then open and close my web app over and over and it
never makes me log in after the very first time if that first browser window
(which isn't even part of my app) remains open.
It there anything I can do about this?
Thanks,
Greg 4 2726
Hi Greg,
It is really strange since the browser has no relation to the asp.net web
application. Anyway, please check out your web.config file to see if there
is anything wrong.
Also, I suggest you try the steps in this article to create a form based
authentication asp.net web app. Please test on this new web app to see if
you could repro the problem.
"HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application
by Using Visual Basic .NET" http://support.microsoft.com/?id=308157
Regards,
HuangTM
Microsoft Online Partner Support
MCSE/MCSD
Get Secure! ¨C www.microsoft.com/security
This posting is provided ¡°as is¡± with no warranties and confers no rights.
I did some more testing.
Try this to duplicate the problem:
Open a site that uses forms authentication. In my test I am using the
IBuySpy portal. http://www.asp.net/IBS_Portal/DesktopDefault.aspx
Create account and sign in (do not check the remember login box). Creating
a shortcut on desktop (I think this is the important piece.) to the web
site.
Close all browser windows.
Open a new browser window to something (say www.yahoo.com)
Leave that window open, double click on the shortcut to IBuySpy portal.
Sign-in again. Close browser, leaving Yahoo open in first browser.
Double-click shortcut to IBuySpy again. Notice, you are still logged in!
Close window, repeat ad nauseam. :^)
Thanks,
Greg
"Tian Min Huang" <ti******@online.microsoft.com> wrote in message
news:os**************@cpmsftngxa06.phx.gbl... Hi Greg,
It is really strange since the browser has no relation to the asp.net web application. Anyway, please check out your web.config file to see if there is anything wrong.
Also, I suggest you try the steps in this article to create a form based authentication asp.net web app. Please test on this new web app to see if you could repro the problem. "HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by Using Visual Basic .NET" http://support.microsoft.com/?id=308157
Regards,
HuangTM Microsoft Online Partner Support MCSE/MCSD
Get Secure! ¨C www.microsoft.com/security This posting is provided ¡°as is¡± with no warranties and confers no
rights.
You can do the same thing by opening a browser window, then opening a a new
window from it (CTRL-N).
I am sure this is just the way it works, but it was confusing at first. Am
I correct in saying, it is because all these windows are sharing the same
session ID, hence the same authentication cookie? (I can see that they
are.)
I guess, double-clicking on a shortcut to a web site does the same thing as
a CTRL-N. Ie., it does not launch a new session. Bummer.
Thanks,
Greg
"Jim Cheshire (MS)" <ja******@online.microsoft.com> wrote in message
news:OF**************@cpmsftngxa06.phx.gbl... Hi Greg,
I can reproduce this issue easily. I am looking into it for you.
Jim Cheshire Developer Support ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
--------------------From: "Greg Burns" <gr********@hotmail.com> References: <#T**************@TK2MSFTNGP11.phx.gbl> <os**************@cpmsftngxa06.phx.gbl>Subject: Re: forms authentication not authenticating Date: Mon, 28 Jul 2003 10:20:37 -0400 Lines: 55 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: <#E**************@TK2MSFTNGP10.phx.gbl> Newsgroups: microsoft.public.dotnet.framework.aspnet NNTP-Posting-Host: 146.145.213.7 Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP10.phx.gbl Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.framework.aspnet:162604X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
I did some more testing.
Try this to duplicate the problem:
Open a site that uses forms authentication. In my test I am using the IBuySpy portal.
http://www.asp.net/IBS_Portal/DesktopDefault.aspx
Create account and sign in (do not check the remember login box).
Creatinga shortcut on desktop (I think this is the important piece.) to the web site.
Close all browser windows.
Open a new browser window to something (say www.yahoo.com)
Leave that window open, double click on the shortcut to IBuySpy portal. Sign-in again. Close browser, leaving Yahoo open in first browser. Double-click shortcut to IBuySpy again. Notice, you are still logged in! Close window, repeat ad nauseam. :^)
Thanks, Greg "Tian Min Huang" <ti******@online.microsoft.com> wrote in message news:os**************@cpmsftngxa06.phx.gbl... Hi Greg,
It is really strange since the browser has no relation to the asp.net
web application. Anyway, please check out your web.config file to see if there is anything wrong.
Also, I suggest you try the steps in this article to create a form
based authentication asp.net web app. Please test on this new web app to see
if you could repro the problem. "HOW TO: Implement Forms-Based Authentication in Your ASP.NET
Application by Using Visual Basic .NET" http://support.microsoft.com/?id=308157
Regards,
HuangTM Microsoft Online Partner Support MCSE/MCSD
Get Secure! ¨C www.microsoft.com/security This posting is provided ¡°as is¡± with no warranties and confers no
rights.
Greg,
That's exactly what's happening. When you are using Forms authentication
and an unpersistant cookie, the cookie is in-memory. Apparently, Internet
Explorer is sharing that memory space when the window is opened via the
shortcut icon or a Ctrl-N. This is expected when you are using Ctrl-N or
Window, New Window. Obviously if that didn't share session state with the
original window, it would be undesirable for an Internet developer. (That
would also mean that a client-side window.open or a _blank target attribute
would also lose session state.)
This is by-design, although it may be counter-intuitive at first and may
provide undesirable results at times. The solution in your case is to make
sure that your Forms authentication ticket expires within a relatively
short timeframe.
Jim Cheshire
Developer Support
ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- From: "Greg Burns" <gr********@hotmail.com> References: <#T**************@TK2MSFTNGP11.phx.gbl>
<os**************@cpmsftngxa06.phx.gbl>
<#E**************@TK2MSFTNGP10.phx.gbl>
<OF**************@cpmsftngxa06.phx.gbl>Subject: Re: forms authentication not authenticating Date: Mon, 28 Jul 2003 17:18:11 -0400 Lines: 112 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: <e$**************@tk2msftngp13.phx.gbl> Newsgroups: microsoft.public.dotnet.framework.aspnet NNTP-Posting-Host: 146.145.213.7 Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftn gp13.phx.gbl Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:162771 X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
You can do the same thing by opening a browser window, then opening a a new window from it (CTRL-N).
I am sure this is just the way it works, but it was confusing at first. Am I correct in saying, it is because all these windows are sharing the same session ID, hence the same authentication cookie? (I can see that they are.)
I guess, double-clicking on a shortcut to a web site does the same thing as a CTRL-N. Ie., it does not launch a new session. Bummer.
Thanks, Greg
"Jim Cheshire (MS)" <ja******@online.microsoft.com> wrote in message news:OF**************@cpmsftngxa06.phx.gbl... Hi Greg,
I can reproduce this issue easily. I am looking into it for you.
Jim Cheshire Developer Support ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- >From: "Greg Burns" <gr********@hotmail.com> >References: <#T**************@TK2MSFTNGP11.phx.gbl> <os**************@cpmsftngxa06.phx.gbl> >Subject: Re: forms authentication not authenticating >Date: Mon, 28 Jul 2003 10:20:37 -0400 >Lines: 55 >X-Priority: 3 >X-MSMail-Priority: Normal >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 >Message-ID: <#E**************@TK2MSFTNGP10.phx.gbl> >Newsgroups: microsoft.public.dotnet.framework.aspnet >NNTP-Posting-Host: 146.145.213.7 >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP10.phx.gbl >Xref: cpmsftngxa06.phx.gblmicrosoft.public.dotnet.framework.aspnet:162604 >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet > >I did some more testing. > >Try this to duplicate the problem: > >Open a site that uses forms authentication. In my test I am using the >IBuySpy portal. > >http://www.asp.net/IBS_Portal/DesktopDefault.aspx > >Create account and sign in (do not check the remember login box).Creating >a shortcut on desktop (I think this is the important piece.) to the web >site. > >Close all browser windows. > >Open a new browser window to something (say www.yahoo.com) > >Leave that window open, double click on the shortcut to IBuySpy portal. >Sign-in again. Close browser, leaving Yahoo open in first browser. >Double-click shortcut to IBuySpy again. Notice, you are still logged
in! >Close window, repeat ad nauseam. :^) > >Thanks, >Greg > > > >"Tian Min Huang" <ti******@online.microsoft.com> wrote in message >news:os**************@cpmsftngxa06.phx.gbl... >> Hi Greg, >> >> It is really strange since the browser has no relation to the asp.netweb >> application. Anyway, please check out your web.config file to see if there >> is anything wrong. >> >> Also, I suggest you try the steps in this article to create a formbased >> authentication asp.net web app. Please test on this new web app to seeif >> you could repro the problem. >> "HOW TO: Implement Forms-Based Authentication in Your ASP.NETApplication >> by Using Visual Basic .NET" >> http://support.microsoft.com/?id=308157 >> >> Regards, >> >> HuangTM >> Microsoft Online Partner Support >> MCSE/MCSD >> >> Get Secure! ¨C www.microsoft.com/security >> This posting is provided ¡°as is¡± with no warranties and confers no >rights. >> >> > > > This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Reshma Prabhu |
last post by:
Hello,
I have developed a web site which uses forms authentication
for authenticating users.
The problem is that the site is divided into frames and so
whenver the cookie expires each frame...
|
by: anony |
last post by:
Hi,
I have a site that uses forms authentication to secure the directory. The
site behaves as expected when viewed externally... if I close the browser
and attempt to access it again, I get...
|
by: Martin |
last post by:
Dear fellow ASP.NET programmer,
I stared using forms authentication and temporarily used a <credentials> tag
in web.config. After I got it working I realized this wasn't really
practical. I...
|
by: Anonieko Ramos |
last post by:
ASP.NET Forms Authentication Best Practices
Dr. Dobb's Journal February 2004
Protecting user information is critical
By Douglas Reilly
Douglas is the author of Designing Microsoft ASP.NET...
|
by: - Steve - |
last post by:
I have forms based authentication working, using my Active Directory for
authentication.
I have a web page that creates a user in active directory. When I was using
IIS authentication it worked...
|
by: Trevor Andrew |
last post by:
Hi There,
Hopefully this isn't too difficult a question to express here. I have a 3
tier application.
1. Presentation Tier: ASP.NET web application. 2. Middle Tier: ASP.NET Web
Services that...
|
by: MatthewRoberts |
last post by:
Howdy All,
We have an ASP.NET web application that uses Forms Authentication and
has worked without problems for some time.
However, we recently added a Shockwave SWF file to the mix for flash...
|
by: Mark Olbert |
last post by:
I'm building an ASPNET2 website which uses forms authentication but does not use the Microsoft-supplied membership providers (mostly
because I don't want to create my own provider at this point, and...
|
by: webrod |
last post by:
Dear All,
let's say I have a web service.
I would like to authenticate users who try to access it.
I am on a winnt server so I will have to use NTLM but I don't want to
use IIS settings.
Is...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |