468,107 Members | 1,253 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,107 developers. It's quick & easy.

turning cookieless mode false for client browsers that do not accept cookies

I have a question about cookies & browser permissions and turning off
cookies when creating a web site (cookieless mode in web.config).

I have a web site that of course uses Session variables.
But we decided to turn off the cookieless mode because the client
specifically said her browser did not allow cookies. Anyway, when
searching about it, I found out that by setting cookieless = true the
session cookie is embedded into the URL sent back & forth to/from the
client so the server can identify this client. All these happen after
authentication, when the user has already entered a username and a
password and is redirected to the appropriate password protected web
pages.

A new client is signing in and he claims he cannot logging to the web
site. He enters his credentials but all she gets back is the general
search page (not the protected one with more capabilities). I know it
must be something with his browser configuration, because somehow the
security in that office has been setup to not allow anyone do anything
on the internet. I figure, cookies must not be allowed. But if our web
site uses the cookieless mode, then why can't he logging at all?

I can login from my desk using this client's credentials and can
search fine. Since I monitor the activities of this client, all my
searches under this credentials get recorded.

Is it anything more to the cookieless mode that does use cookies or
some type of security in the client's browser that must be set free?

I guess waht I would like to know exactly is what are the requirements
for any internet browser to run ASP.NET applications that require
forms-based authentication.

Your comments/help/links about this will be very much appreciated.

Nov 19 '05 #1
2 1548

I suspect the most likely issue is that your user has their network
traffic run through a network proxy server farm. This essentially
makes all subsequent http requests to your farm look like new sessions
to your server(s).

If you ask the user whether they can access their online banking
account or some other site that requires strict authentication and
login credentials and they can't, then this is probably it.

We run into this problem a lot with our business to business
visitors. The only to get around it in your situation is to
have them tell their administrators to run their traffic through
a specific server on the network proxy server farm.

Their proxy server farm is specifically designed to prevent
the user from doing what you need them to do.

--
2005 Microsoft MVP C#
Robbe Morris
http://www.robbemorris.com
http://www.masterado.net/home/listings.aspx

"rk325" <ro************@softwareservices.net> wrote in message
news:11*********************@f14g2000cwb.googlegro ups.com...
I have a question about cookies & browser permissions and turning off
cookies when creating a web site (cookieless mode in web.config).

I have a web site that of course uses Session variables.
But we decided to turn off the cookieless mode because the client
specifically said her browser did not allow cookies. Anyway, when
searching about it, I found out that by setting cookieless = true the
session cookie is embedded into the URL sent back & forth to/from the
client so the server can identify this client. All these happen after
authentication, when the user has already entered a username and a
password and is redirected to the appropriate password protected web
pages.

A new client is signing in and he claims he cannot logging to the web
site. He enters his credentials but all she gets back is the general
search page (not the protected one with more capabilities). I know it
must be something with his browser configuration, because somehow the
security in that office has been setup to not allow anyone do anything
on the internet. I figure, cookies must not be allowed. But if our web
site uses the cookieless mode, then why can't he logging at all?

I can login from my desk using this client's credentials and can
search fine. Since I monitor the activities of this client, all my
searches under this credentials get recorded.

Is it anything more to the cookieless mode that does use cookies or
some type of security in the client's browser that must be set free?

I guess waht I would like to know exactly is what are the requirements
for any internet browser to run ASP.NET applications that require
forms-based authentication.

Your comments/help/links about this will be very much appreciated.

Nov 19 '05 #2
Thanks for your reply Robbe.
I'm not sure I understand very well your explanation, but I was just
informed by this client that they were able to successfully access the
web site from another computer in his office. I knew that becasue I saw
some activity today under these credentials. Does this tell you that
they have their network traffic run through a network proxy server
farm?

Or is there anything else in the browser's configuration of this
computer that prevents it to login to the web site?

What do you mean above with "run their traffic through a specific
server on the network proxy server farm" ?

What I really need is to get more knowledge about proxy server farms!

Nov 19 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by .NET Follower | last post: by
2 posts views Thread by Tom Pester | last post: by
2 posts views Thread by Daniel Malcolm | last post: by
13 posts views Thread by Water Cooler v2 | last post: by
1 post views Thread by Mark Olbert | last post: by
2 posts views Thread by ravisingh11 | last post: by
8 posts views Thread by maboo59 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.