468,268 Members | 1,695 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,268 developers. It's quick & easy.

Forms Authentication without a Cookie?

I've got a fairly simple forms authentication project (a login page and a
single secure page), but a number of users (~25%) can't seem to get past the
login.aspx step. I theorized that this might have to do with their
browser's cookie setting.

I had been using cookies to store session state and logon parameters (user
option), but I completely eliminated them using the SQLServer session
management approach. But now, with my test browser set on "prompt" for
cookies, I still get a message that my login page is trying to set a cookie.

I gather it's from this statement:

FormsAuthentication.RedirectFromLoginPage(UserSeri alNo.Text,
false);

If I accept the cookie, I move on to the secure page. If I don't, I end up
staying on the login.aspx page. I think that's what might be happening with
some of the users who attempt to access this page (even though most say
their browsers accept cookies).

Any thoughts here? Is there any way to have an authentication scheme
without cookies? Might something else be throwing my users?

TIA

Harry
Nov 17 '05 #1
6 3370
In your web.config file, in your sessionState tag, set the attribute
cookieless="true"

--
I hope this helps,
Steve C. Orr, MCSD
http://Steve.Orr.net
--------------------------------
Hire top notch developers to get your projects done right:
http://www.able-consulting.com
--------------------------------

"Harry Whitehouse" <ha***@envmgr.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
I've got a fairly simple forms authentication project (a login page and a
single secure page), but a number of users (~25%) can't seem to get past the login.aspx step. I theorized that this might have to do with their
browser's cookie setting.

I had been using cookies to store session state and logon parameters (user
option), but I completely eliminated them using the SQLServer session
management approach. But now, with my test browser set on "prompt" for
cookies, I still get a message that my login page is trying to set a cookie.
I gather it's from this statement:

FormsAuthentication.RedirectFromLoginPage(UserSeri alNo.Text,
false);

If I accept the cookie, I move on to the secure page. If I don't, I end up staying on the login.aspx page. I think that's what might be happening with some of the users who attempt to access this page (even though most say
their browsers accept cookies).

Any thoughts here? Is there any way to have an authentication scheme
without cookies? Might something else be throwing my users?

TIA

Harry

Nov 17 '05 #2
In your web.config file, in your sessionState tag, set the attribute
cookieless="true"

--
I hope this helps,
Steve C. Orr, MCSD
http://Steve.Orr.net
--------------------------------
Hire top notch developers to get your projects done right:
http://www.able-consulting.com
--------------------------------

"Harry Whitehouse" <ha***@envmgr.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
I've got a fairly simple forms authentication project (a login page and a
single secure page), but a number of users (~25%) can't seem to get past the login.aspx step. I theorized that this might have to do with their
browser's cookie setting.

I had been using cookies to store session state and logon parameters (user
option), but I completely eliminated them using the SQLServer session
management approach. But now, with my test browser set on "prompt" for
cookies, I still get a message that my login page is trying to set a cookie.
I gather it's from this statement:

FormsAuthentication.RedirectFromLoginPage(UserSeri alNo.Text,
false);

If I accept the cookie, I move on to the secure page. If I don't, I end up staying on the login.aspx page. I think that's what might be happening with some of the users who attempt to access this page (even though most say
their browsers accept cookies).

Any thoughts here? Is there any way to have an authentication scheme
without cookies? Might something else be throwing my users?

TIA

Harry

Nov 17 '05 #3
Steve -- Thanks for replying!

I had set that parameter, but had that one last cookie write attempt
nonetheless!

Harry

"Steve C. Orr, MCSD" <St***@Orr.net> wrote in message
news:O9**************@TK2MSFTNGP10.phx.gbl...
In your web.config file, in your sessionState tag, set the attribute
cookieless="true"

--
I hope this helps,
Steve C. Orr, MCSD
http://Steve.Orr.net
--------------------------------
Hire top notch developers to get your projects done right:
http://www.able-consulting.com
--------------------------------

"Harry Whitehouse" <ha***@envmgr.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
I've got a fairly simple forms authentication project (a login page and a single secure page), but a number of users (~25%) can't seem to get past

the
login.aspx step. I theorized that this might have to do with their
browser's cookie setting.

I had been using cookies to store session state and logon parameters (user option), but I completely eliminated them using the SQLServer session
management approach. But now, with my test browser set on "prompt" for
cookies, I still get a message that my login page is trying to set a

cookie.

I gather it's from this statement:

FormsAuthentication.RedirectFromLoginPage(UserSeri alNo.Text,
false);

If I accept the cookie, I move on to the secure page. If I don't, I end

up
staying on the login.aspx page. I think that's what might be happening

with
some of the users who attempt to access this page (even though most say
their browsers accept cookies).

Any thoughts here? Is there any way to have an authentication scheme
without cookies? Might something else be throwing my users?

TIA

Harry


Nov 17 '05 #4
Ken -- Thanks for this. I had not seen this article!

Harry

"Ken Cox [Microsoft MVP]" <BA************@sympatico.ca> wrote in message
news:eV**************@tk2msftngp13.phx.gbl...
Hi Harry,

You may have seen it, but there's an article here on cookieless forms
authentication. Can't tell from here if it works....

http://www.codeproject.com/aspnet/cookieless.asp

--

Nov 17 '05 #5
John -- Good suggestion! I'll give that a try!

Harry
Harry,

I'd have one of your users turn on the prompt setting and let you know if
they get prompted.

If that's the problem, you should try to find out why they won't accept
session cookies.
--
John Saunders
Internet Engineer
jo***********@surfcontrol.com

Nov 17 '05 #6
Yes, it will still try to use cookies even if you have this setting.
But the cookie is not required for the authentication to work. So if the
cookie is not successfully written then it should still work.

--
I hope this helps,
Steve C. Orr, MCSD
http://Steve.Orr.net
--------------------------------
Hire top notch developers to get your projects done right:
http://www.able-consulting.com
--------------------------------
"Harry Whitehouse" <ha***@envmgr.com> wrote in message
news:O7**************@TK2MSFTNGP12.phx.gbl...
Steve -- Thanks for replying!

I had set that parameter, but had that one last cookie write attempt
nonetheless!

Harry

"Steve C. Orr, MCSD" <St***@Orr.net> wrote in message
news:O9**************@TK2MSFTNGP10.phx.gbl...
In your web.config file, in your sessionState tag, set the attribute
cookieless="true"

--
I hope this helps,
Steve C. Orr, MCSD
http://Steve.Orr.net
--------------------------------
Hire top notch developers to get your projects done right:
http://www.able-consulting.com
--------------------------------

"Harry Whitehouse" <ha***@envmgr.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
I've got a fairly simple forms authentication project (a login page and
a
single secure page), but a number of users (~25%) can't seem to get
past
the
login.aspx step. I theorized that this might have to do with their
browser's cookie setting.

I had been using cookies to store session state and logon parameters (user option), but I completely eliminated them using the SQLServer session
management approach. But now, with my test browser set on "prompt"

for cookies, I still get a message that my login page is trying to set a

cookie.

I gather it's from this statement:

FormsAuthentication.RedirectFromLoginPage(UserSeri alNo.Text, false);

If I accept the cookie, I move on to the secure page. If I don't, I end up
staying on the login.aspx page. I think that's what might be
happening with
some of the users who attempt to access this page (even though most

say their browsers accept cookies).

Any thoughts here? Is there any way to have an authentication scheme
without cookies? Might something else be throwing my users?

TIA

Harry



Nov 17 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

11 posts views Thread by ElmoWatson | last post: by
3 posts views Thread by Joey Powell | last post: by
3 posts views Thread by Martin | last post: by
reply views Thread by Anonieko Ramos | last post: by
2 posts views Thread by pv_kannan | last post: by
10 posts views Thread by Peter Bradley | last post: by
reply views Thread by NPC403 | last post: by
reply views Thread by kermitthefrogpy | last post: by
reply views Thread by zattat | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.