473,408 Members | 2,734 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > forms authentication persistent cookies problem

Join Bytes to post your question to a community of 473,408 software developers and data experts.

Forms Authentication Persistent Cookies Problem

Hello, I originally configured my application to use persistent
cookies in error. Now, I need to find a way to disable those cookies.
I have tried changing usernames and passwords for all of the users,
but that doesn't help - they can still access our site using their old
persistent cookies. How can I disable them and force the users to log
in again?
Nov 18 '05 #1
4 3323
Hi Joey,

Based on my research and experience, we have two solutions for this issue.

1. Clean the cookies on the client side.

2. Call the FormsAuthentication.SignOut Method.

Please refer to the following URLs for the detailed information regarding
this issue.

FormsAuthentication.SignOut Method
http://msdn.microsoft.com/library/de...us/cpref/html/
frlrfSystemWebSecurityFormsAuthenticationClassSign OutTopic.asp
"...
This removes either durable or session cookies.
..."

HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
Using C# .NET
http://support.microsoft.com/default...b;en-us;301240

HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
Using Visual Basic .NET
http://support.microsoft.com/default...b;EN-US;308157

Does it answer your question? If I have misunderstood your concern, please
feel free to let me know.

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Nov 18 '05 #2
Jacob, I understand that. But neither of these solutions is practical,
because I don't have access to the client machines. Doesn't it make
sense to assume that asp.net would provide some way for me to control
access to *my* application, and from *my* web server.

If I want to "turn off" the user's access to my application, are you
saying that I will have to travel hundreds of miles and visit dozens
of machines to manually remove persistent cookies? If that is the case
then I am the developer of a web application that I cannot control
access to. This does not make any sense to me. Please advise.

ji***@online.microsoft.com (Jacob Yang [MSFT]) wrote in message news:<7n**************@cpmsftngxa07.phx.gbl>...
Hi Joey,

Based on my research and experience, we have two solutions for this issue.

1. Clean the cookies on the client side.

2. Call the FormsAuthentication.SignOut Method.

Please refer to the following URLs for the detailed information regarding
this issue.

FormsAuthentication.SignOut Method
http://msdn.microsoft.com/library/de...us/cpref/html/
frlrfSystemWebSecurityFormsAuthenticationClassSign OutTopic.asp
"...
This removes either durable or session cookies.
.."

HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
Using C# .NET
http://support.microsoft.com/default...b;en-us;301240

HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
Using Visual Basic .NET
http://support.microsoft.com/default...b;EN-US;308157

Does it answer your question? If I have misunderstood your concern, please
feel free to let me know.

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Nov 18 '05 #3
Hi Joey,

Thank you for your update. It seems that there is some misunderstanding in
this issue.

As I understand, what you really want is:

1. Disable the cookies so that the user cannot access the web page without
login.

2. You still want to use the persistent cookies feature in your web
application.

My meaning of my past post is not that you have to travel hundreds of miles
and visit dozens of machines. I think that you can ask your customers to do
it on the client side. I apologize for it if there is any misunderstanding.
Since the two solutions in my past post are not practical to you, I have
another solution for your reference. Please check the following articles
carefully which I have mentioned in my past post:

HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
Using C# .NET
http://support.microsoft.com/default...b;en-us;301240

HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
Using Visual Basic .NET
http://support.microsoft.com/default...b;EN-US;308157

In the web.config file, we can find the following code:
...
<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
protection="All" path="/" timeout="30" />
</authentication>
...

Please change the value of the "name" (name=".ASPXFORMSDEMO") and rebuild
your web application. In addition, would you please tell me the value of
the "timeout" on your side?

If I have misunderstood your concern, please feel free to let me know.

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Nov 18 '05 #4
Thanks guys for your help. I finally got it. I did not realize that I
all I needed to do was change the name of the cookie!

ji***@online.microsoft.com (Jacob Yang [MSFT]) wrote in message news:<f3**************@cpmsftngxa07.phx.gbl>...
Hi Joey,

Thank you for your update. It seems that there is some misunderstanding in
this issue.

As I understand, what you really want is:

1. Disable the cookies so that the user cannot access the web page without
login.

2. You still want to use the persistent cookies feature in your web
application.

My meaning of my past post is not that you have to travel hundreds of miles
and visit dozens of machines. I think that you can ask your customers to do
it on the client side. I apologize for it if there is any misunderstanding.
Since the two solutions in my past post are not practical to you, I have
another solution for your reference. Please check the following articles
carefully which I have mentioned in my past post:

HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
Using C# .NET
http://support.microsoft.com/default...b;en-us;301240

HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
Using Visual Basic .NET
http://support.microsoft.com/default...b;EN-US;308157

In the web.config file, we can find the following code:
..
<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
protection="All" path="/" timeout="30" />
</authentication>
..

Please change the value of the "name" (name=".ASPXFORMSDEMO") and rebuild
your web application. In addition, would you please tell me the value of
the "timeout" on your side?

If I have misunderstood your concern, please feel free to let me know.

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Nov 18 '05 #5
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
Forms authentication in a subfolder problem, please help
by: Kris van der Mast | last post by:
Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be...
ASP.NET
5
.NET Forms Authentication / Session cookies
by: anony | last post by:
Hi, I have a site that uses forms authentication to secure the directory. The site behaves as expected when viewed externally... if I close the browser and attempt to access it again, I get...
ASP.NET
1
Forms Authentication - Not timing out, not redirecting.
by: AVance | last post by:
Hi, I've come across this scenario in ASP.NET 1.1 with forms authentication where the forms auth doesn't seem to timeout correctly, nor redirect to the login page. I have done some testing, and...
ASP.NET
2
Asp.Net Forms Authentication - Multiple Windows
by: Vaibhav Gadodia | last post by:
Hello, I am trying to build an application which has forms authnetication enabled. I have a non-persistent authentication cookie which is exactly what i want. The problem is when i use two...
ASP.NET
4
3-Tier Web Application, forms authentication, persistence of user
by: Trevor Andrew | last post by:
Hi There, Hopefully this isn't too difficult a question to express here. I have a 3 tier application. 1. Presentation Tier: ASP.NET web application. 2. Middle Tier: ASP.NET Web Services that...
ASP.NET
4
Forms authorization cookie always set to expire in 2055?
by: Amil | last post by:
I'm using Forms authorization. In my <forms> section I have timeout="30", but when I examine the cookie, it shows it expiring in 2055? Why? <authentication mode="Forms"> <forms...
ASP.NET
2
Forms authentication cookies not expiring...
by: pv_kannan | last post by:
I recently found out that my authentication cookies are not expiring even though I have set the persist property to false. As a result, users are able to access the secure websites with indifferent...
ASP.NET
1
Cookieless Forms Authentication and Roles
by: Mark Olbert | last post by:
I'm building an ASPNET2 website which uses forms authentication but does not use the Microsoft-supplied membership providers (mostly because I don't want to create my own provider at this point, and...
ASP.NET
1
Forms Authentication Issue
by: kuladeep.mohan | last post by:
Hi I am using Forms Authentication in my app. I am using asp.net 2.0 and I need only few pages to be wrapped with the login and other pages are public. So the problem is the login feature is...
ASP.NET
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!