I have a question about cookies & browser permissions and turning off
cookies when creating a web site (cookieless mode in web.config).
I have a web site that of course uses Session variables.
But we decided to turn off the cookieless mode because the client
specifically said her browser did not allow cookies. Anyway, when
searching about it, I found out that by setting cookieless = true the
session cookie is embedded into the URL sent back & forth to/from the
client so the server can identify this client. All these happen after
authentication, when the user has already entered a username and a
password and is redirected to the appropriate password protected web
pages.
A new client is signing in and he claims he cannot logging to the web
site. He enters his credentials but all she gets back is the general
search page (not the protected one with more capabilities). I know it
must be something with his browser configuration, because somehow the
security in that office has been setup to not allow anyone do anything
on the internet. I figure, cookies must not be allowed. But if our web
site uses the cookieless mode, then why can't he logging at all?
I can login from my desk using this client's credentials and can
search fine. Since I monitor the activities of this client, all my
searches under this credentials get recorded.
Is it anything more to the cookieless mode that does use cookies or
some type of security in the client's browser that must be set free?
I guess waht I would like to know exactly is what are the requirements
for any internet browser to run ASP.NET applications that require
forms-based authentication.
Your comments/help/links about this will be very much appreciated.
