I'm testing very basic FormsAuthentication and having trouble with
non-persistent cookies. Once authenticated with a non-persistent
cookie, if I leave the browser alone for 30 minutes,
Request.IsAuthenticated returns false on my next request. WHY? At
first I thought it had to do with session timeout, but session timeout
is set to 20 minutes, and I'm still authenticated after 20 minutes.
Thirty minutes is the magic number. I'm at a loss to figure this out
because I can debug and still retrieve the cookie in Quickwatch -
Request.Cookies[".ASPXAUTH"], and it's still there. There's
absolutely no data in that cookie to determine that it should be
invalid. Unless...
I know the default timeout for Forms authentication is 30 minutes, but
if you do ANYTHING to change the expiration date on the authCookie,
you just made a persistent cookie instead of a non-persistent one.
Also, there is no data whatsoever on the cookie itself to let the
system know it should be expired. So, I'm left to think that the
ticket within the cookie must somehow be determining this. If so, how
can I change the timeout value? Is web.config the only way? There's
certainly no way it can be done using GetAuthCookie(). I even find
creating a new FormsAuthenticationTicket to be VERY confusing. The
"expiration" parameter is described as "The expiration date for the
cookie". Only, it's not. It's the expiration date for the ticket
within the cookie. If you touch the expiration date for the actual
cookie, it becomes persistent.
I suppose I may have talked myself through my own problem, but I'll
still post this because I think this is valuable information about an
incredibly unclear process. I have a few options:
- Don't use Request.IsAuthenticated in my
Application_AuthenticateRequest handler. Retrieve the cookie myself
with Request.Cookies[".ASPXAUTH"].
- Change the timeout property of the forms element in web.config
- Don't use GetAuthCookie or SetAuthCookie, create a new
FormsAuthenticationTicket and set the "expiration" parm manually
That wasted a few hours that could have been avoided by decent
documentation.
0  1842  This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Nick |
last post by:
I have two seperated asp.net projects - project1
(\inetpub\wwwroot\project1) and subproject
(\inetpub\wwwroot\project1\subproject).
They share authenticating code in...
|
by: Nick |
last post by:
How to make two asp.net projects share request.isAuthenticated?
Thanks
|
by: Nedu N |
last post by:
Hi,
I am using Forms authentication -in which -
I am trying to use User.Identity.Name, i am getting the user name in this
field even after i logout (i.e, FormaAuthentication.SighnOut(),
and...
|
by: Bob |
last post by:
Seems either of these can be used to check whether a request is
authenticated or not:
Request.IsAuthenticated
HttpContext.Current.User.Identity.IsAuthenticated
Are these always in sync? in...
|
by: Luis Fajardo |
last post by:
Sounds like a very simple question, and maybe really is, but here it goes.
I'm being using Forms Authentication for some time now, and everything is
cool, the question that I have is that I want...
|
by: Pascal |
last post by:
I try to install .NET Passport, but up to now without any success :-(
First of all I installed the Microsoft .NET SDK, then I registered my
development site on the Servide Manager Site and I...
|
by: paul |
last post by:
Hi,
Quick question - does HttpContext.Current.User.Identity.IsAuthenticated
perform a hit on the database if using forms authentication?
Just wondering if I should perform this once when a...
|
by: Johnnie Norsworthy |
last post by:
ASP.NET 2.0
I can't seem to locate how to determine two simple things after I perform a
FormAuthentication.
From a subsequent page load, how do I determine if a user is authenticated
already?...
|
by: Andrea |
last post by:
Is possible, without using the login system provided with .net framework,
to modify the value of this property?
Reflectoring it, there is a get_IsAuthenticathed() booleand fucntion, but
I don't...
|
by: Zulander |
last post by:
Hi, For some reason my session are expireing when the web browser
closes and User.Identity.IsAuthenticated is truning true,
I have a webcrontrol from login:
Protected Sub Login1_LoggedIn(ByVal...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
| |
