473,395 Members | 1,530 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > cookies, sessions and timeouts

Join Bytes to post your question to a community of 473,395 software developers and data experts.

Cookies, sessions and timeouts

Just when you figure out one problem another one shows up.

I am trying to set up authentication for one of my folders and can't seem to
get it to work as advertised (I am sure I am missing something).

I want to set it up as sessionless. If I can't get that to work, I would
like to get the Timeout period to work correctly.

Here is my web.config file:

*************************************************
<configuration>
<system.web>
<sessionState cookieless="true" />
<customErrors mode="Off" />
<authentication mode="Forms">
<forms name="SECAUTH" loginUrl="vdw/password.aspx" protection="None"
timeout="1">
<credentials />
</forms>
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</configuration>
*************************************************

I have cookieless set to true (no cookies) and the timeout set to 1 minute.
The program not only is creating cookies, but apparently when I look at when
it expires - it is in 2054 (50 years from now).

What is going on here?

How can I set it to drop the cookie when the browser ends? That would work
also.

Thanks,

Tom.
Nov 18 '05 #1
1 1541
"Jenni Parks" <Je********@discussions.microsoft.com> wrote in message
news:A6**********************************@microsof t.com...
How long ago did you make the change to your web.config? Often changes you've immediately made are not evidenced until you either recycle their
application pool [if on a windows 2003 box] or kill the .net process their
app is running under [if on windows 2000 box] or delete the .net temp files
previously placed in the microsoft .net temporary files directory.
Actually I did this 2 days ago, and I just started my computer and didn't
get the login page (when I delete the cookie, however, I will).

Where is the .net temporary files folder located?
Also are you coding in .NET 1.0 or .NET 1.1? Do you have a url where I can replicate your problem?

Where do I find this? I am not sure which we are running?

I don't really have a URL to check as this is an intranet.
Here is some of the pages and the URL we are getting, instead of the logon
page:

Here is the web.config file in my Contour folder (root)

<configuration>
<appSettings>
<add key="MM_CONNECTION_HANDLER_Contour_Server_openworx "
value="sqlserver.htm" />
<add key="MM_CONNECTION_STRING_Contour_Server_openworx" value="Persist
Security Info=False;Data Source=Raptor;Initial Catalog=openworx;User
ID=tfs;Password=tfstom;Network Library =dbmssocn" />
<add key="MM_CONNECTION_DATABASETYPE_Contour_Server_ope nworx"
value="SQLServer" />
<add key="MM_CONNECTION_SCHEMA_Contour_Server_openworx" value="" />
<add key="MM_CONNECTION_CATALOG_Contour_Server_openworx " value="" />
<add key="MM_CONNECTION_HANDLER_Contour_Server" value="sqlserver.htm" />
<add key="MM_CONNECTION_STRING_Contour_Server" value="Persist Security
Info=False;Data Source=Raptor;Initial Catalog=VDW;User
ID=tfs;Password=tfstom;Network Library =dbmssocn" />
<add key="MM_CONNECTION_DATABASETYPE_Contour_Server" value="SQLServer" />
<add key="MM_CONNECTION_SCHEMA_Contour_Server" value="" />
<add key="MM_CONNECTION_CATALOG_Contour_Server" value="" />
</appSettings>
<system.web>
<sessionState cookieless="true" timeout="5" />
<customErrors mode="Off" />
<authentication mode="Forms">
<forms name="SECAUTH" loginUrl="vdw/password.aspx" protection="None"
timeout="1">
<credentials />
</forms>
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</configuration>

Here is the web.config file in my VDW folder (under the Contour folder).

<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

Here is the web page I get that should go to the Login page, but doesn't. I
am curious what the (3oyjlp55x3lom5egc04sp045) is all about - it is not a
folder.

http://192.168.122.55/contour/(3oyjl...DWXferStatus.a
spx

This is the cookie that never gets deleted. When I delete it, I get the
login page, and the cookie is back (even though I have this set as
cookieless in my web.config file in the root) and never goes away.

tf*@192.168.122[1].txt

Here is the cookie contents.

SECAUTH
515A4809B01E43840174006600500061007300730077006F00 720064002E00760061006C0075
006500000070179B202A59C40101709761B48167FC0100002F 000000
192.168.122.55/
1536
3022544640
33318785
547494992
29645098
*

Here is the results from my web page that looks at the cookie You'll notice
the expiration date of 2054 as well as the persistant value..

tfPassword.value
Cookie Path: /

Expiration: 6/23/2054 6:58:14 AM

Expired: False

IsPersistent: True

IssueDate: 6/23/2004 6:58:14 AM

UserData:

Version: 1
Here is the web page I that gave me this result (you'll notice there is no
name being displayed).

Sub Page_Load
Dim objUserIdentity As FormsIdentity
Dim objTicket As FormsAuthenticationTicket

If User.Identity.IsAuthenticated Then
objUserIdentity = User.Identity
objTicket = objUserIdentity.Ticket
lblName.Text = objUserIdentity.Name
lblPath.Text = objTicket.CookiePath
lblExpiration.Text = objTicket.Expiration
lblExpired.Text = objTicket.Expired
lblIsPersistent.Text = objTicket.IsPersistent
lblIssueDate.Text = objTicket.IssueDate
lblUserData.Text = objTicket.UserData
lblVersion.Text = objTicket.Version
Else
lblName.Text = "Who Are You?"
End If
End Sub

</Script>

<html>
<head><title>FormsIdentity.aspx</title>
<body>

<asp:Label
ID="lblName"
Font-Size="18pt"
Font-Bold="True"
Runat="Server" />
<p>
Cookie Path:
<asp:Label
ID="lblPath"
Font-Size="18pt"
Font-Bold="True"
Runat="Server" />
<p>
Expiration:
<asp:Label
ID="lblExpiration"
Runat="Server" />
<p>
Expired:
<asp:Label
ID="lblExpired"
Runat="Server" />
<p>
IsPersistent:
<asp:Label
ID="lblIsPersistent"
Runat="Server" />
<p>
IssueDate:
<asp:Label
ID="lblIssueDate"
Runat="Server" />
<p>
UserData:
<asp:Label
ID="lblUserData"
Runat="Server" />
<p>
Version:
<asp:Label
ID="lblVersion"
Runat="Server" />

</body>
</html>

Thanks,

Tom
Best Regards,

Jennifer M.G. Parks

Application Dev & Sr Tech Support
Activehost Corporation
Web site: http://www.activehost.com
Technical Support: http://www.activehost.com/support
(518) 372.2842 x230
(518) 372.5349 fax

Considering Activehost? Read what our customers have to say about us.
http://www.actionjackson.com/hosts/h....asp?HostID=27
"Thomas Scheiderich" wrote:
Just when you figure out one problem another one shows up.

I am trying to set up authentication for one of my folders and can't seem to get it to work as advertised (I am sure I am missing something).

I want to set it up as sessionless. If I can't get that to work, I would like to get the Timeout period to work correctly.

Here is my web.config file:

*************************************************
<configuration>
<system.web>
<sessionState cookieless="true" />
<customErrors mode="Off" />
<authentication mode="Forms">
<forms name="SECAUTH" loginUrl="vdw/password.aspx" protection="None"
timeout="1">
<credentials />
</forms>
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</configuration>
*************************************************

I have cookieless set to true (no cookies) and the timeout set to 1 minute. The program not only is creating cookies, but apparently when I look at when it expires - it is in 2054 (50 years from now).

What is going on here?

How can I set it to drop the cookie when the browser ends? That would work also.

Thanks,

Tom.

Nov 18 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
Check for cookies
by: TG | last post by:
This is more of a pain than I thought it would be. I need a simple code segment to determine whether a browser accepts cookies or not. When I pass variables between pages when cookies are turned...
PHP
1
cookies and sessions
by: windandwaves | last post by:
Hi Gurus I am basically sorry that I have to bother you about this. I am a PHP beginner and I have been studying sessions and cookies over the last few weeks. I have learned lots, but I am...
PHP
4
Monitoring logged-in users with sessions: autologoff
by: vesely | last post by:
Hi all, I'm currently relying on logged-in users hitting "logout" (logoff) before they leave, in order to terminate the session. With PHP the session filename is in a cookie that lasts for the...
PHP
2
Cookies , Session Which is Better ? and Global.asa Question
by: Amit D.Shinde | last post by:
Hello Experts.. I need some help regarding cookies and session objects and also global.asa file I am creating one cookie when a user logs in on my website. The cookie stores the login name of...
ASP / Active Server Pages
7
session cookies
by: Marcus | last post by:
I know that when you start a session in PHP, the "cookie" it creates is not the same as those that are stored in your browser's temp folder, and instead is kept in RAM. I am confused because in...
PHP
7
sessions vs cookies
by: Atte André Jensen | last post by:
Hi I'm developing a site where I'd like to store information during a users visit. So far I've been using sessions, but as far as I can tell it's not possible to control for how long a session...
PHP
1
Authentication Cookie not in Request.Cookies
by: Joe | last post by:
In ASP.NET 1.1 I could detected expired form authentication tickets (which closely coincide with my expired session) by checking for the Authentication Cookie when the login screen loads. If the...
ASP.NET
5
Why Do PHP Cookies and Sessions Work Even When Cookies Are Disabled?
by: jheines | last post by:
I am trying to explain how cookies and sessions work in a class I teach, but I have hit a wall when it comes to the interaction between cookies and the state of the privacy settings in Internet...
PHP
8
sessions - with or without cookies
by: Chuck Anderson | last post by:
I've instituted a sessions based scheme on my web site to combat hot linking to my images. When someone requests a page at my site, I set a session variable. I then use htaccess to redirect *all*...
PHP
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!