472,989 Members | 3,077 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > forms authentication cookies not expiring...

Join Bytes to post your question to a community of 472,989 software developers and data experts.

Forms authentication cookies not expiring...

I recently found out that my authentication cookies are not expiring
even though I have set the persist property to false. As a result,
users are able to access the secure websites with indifferent results.

Any pointers/suggestions would be very appreciated.

Things were running as usual till until recently.

Here are the relevant pieces of code
==========================================

Web.config
----------------
<authentication mode="Forms">
<forms loginUrl="SignIn.aspx" name="BCAuthCookie" timeout="60"
path="/" />
</authentication>

<authorization>
<allow users="*" /> <!-- Allow all users -->
</authorization>

<location path="TellOthers.aspx">
<system.web>
<authorization>
<deny users="?" />
<allow roles="AuthenticatedActiveMember" />
</authorization>
</system.web>
</location>

Global.ascx.cs
===================
Application_OnAuthenticate
--------------------------------
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName];

SignIn.aspx.cs
===============
//If login is successful
user.WriteAuthCookie();
Response.Redirect(FormsAuthentication.GetRedirectU rl(user.Email,
false));

WriteAuthCookie
====================
/// <summary>
/// Send an encrypted Authorization cookie
/// to the user for use when authentication/authorizing
/// against web pages.
/// </summary>
public void WriteAuthCookie()
{
//Create the Auth Ticket
FormsAuthenticationTicket ticket = new
FormsAuthenticationTicket(1, //version
Email, //user name
DateTime.Now, //creation
DateTime.Now.AddMinutes(60), //expriation
false, //persistent
GuestStatus.ToString()); //user data
//Encrypt the Auth Ticket
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
//Create a cookie and add the encrypted ticket to the cookie as data
HttpCookie cookie = new
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

//Add the Auth Cookie to the outgoing cookies collection
HttpContext context = HttpContext.Current;
context.Response.Cookies.Add(cookie);
}

Nov 19 '05 #1
2 2696
Check if you are properly signing out the user. On the logout
page/functionality use the following two lines:

Session.Abandon();
FormsAuthentication.SignOut();

Hope this helps.

All the Best,
Ram Adhikari.

"pv*******@yahoo.com" wrote:
I recently found out that my authentication cookies are not expiring
even though I have set the persist property to false. As a result,
users are able to access the secure websites with indifferent results.

Any pointers/suggestions would be very appreciated.

Things were running as usual till until recently.

Here are the relevant pieces of code
==========================================

Web.config
----------------
<authentication mode="Forms">
<forms loginUrl="SignIn.aspx" name="BCAuthCookie" timeout="60"
path="/" />
</authentication>

<authorization>
<allow users="*" /> <!-- Allow all users -->
</authorization>

<location path="TellOthers.aspx">
<system.web>
<authorization>
<deny users="?" />
<allow roles="AuthenticatedActiveMember" />
</authorization>
</system.web>
</location>

Global.ascx.cs
===================
Application_OnAuthenticate
--------------------------------
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName];

SignIn.aspx.cs
===============
//If login is successful
user.WriteAuthCookie();
Response.Redirect(FormsAuthentication.GetRedirectU rl(user.Email,
false));

WriteAuthCookie
====================
/// <summary>
/// Send an encrypted Authorization cookie
/// to the user for use when authentication/authorizing
/// against web pages.
/// </summary>
public void WriteAuthCookie()
{
//Create the Auth Ticket
FormsAuthenticationTicket ticket = new
FormsAuthenticationTicket(1, //version
Email, //user name
DateTime.Now, //creation
DateTime.Now.AddMinutes(60), //expriation
false, //persistent
GuestStatus.ToString()); //user data
//Encrypt the Auth Ticket
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
//Create a cookie and add the encrypted ticket to the cookie as data
HttpCookie cookie = new
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

//Add the Auth Cookie to the outgoing cookies collection
HttpContext context = HttpContext.Current;
context.Response.Cookies.Add(cookie);
}

Nov 19 '05 #2
Aren't the cookie supposed to expire when the browser is closed? If
not, how do I expire those cookies when the browser window is closed?

The users are closing and windows and reopening them and are able to
access the secure pages without signing in...
FYI...I do have the Abandon and SignOut in the Logoff button

Session.Abandon();
//Make sure the Auth Cookie is null
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
null);
FormsAuthentication.SignOut();
************************************************** *******************
Ram Adhikari wrote:
Check if you are properly signing out the user. On the logout
page/functionality use the following two lines:

Session.Abandon();
FormsAuthentication.SignOut();

Hope this helps.

All the Best,
Ram Adhikari.

"pv*******@yahoo.com" wrote:
I recently found out that my authentication cookies are not expiring
even though I have set the persist property to false. As a result,
users are able to access the secure websites with indifferent results.

Any pointers/suggestions would be very appreciated.

Things were running as usual till until recently.

Here are the relevant pieces of code
==========================================

Web.config
----------------
<authentication mode="Forms">
<forms loginUrl="SignIn.aspx" name="BCAuthCookie" timeout="60"
path="/" />
</authentication>

<authorization>
<allow users="*" /> <!-- Allow all users -->
</authorization>

<location path="TellOthers.aspx">
<system.web>
<authorization>
<deny users="?" />
<allow roles="AuthenticatedActiveMember" />
</authorization>
</system.web>
</location>

Global.ascx.cs
===================
Application_OnAuthenticate
--------------------------------
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName];

SignIn.aspx.cs
===============
//If login is successful
user.WriteAuthCookie();
Response.Redirect(FormsAuthentication.GetRedirectU rl(user.Email,
false));

WriteAuthCookie
====================
/// <summary>
/// Send an encrypted Authorization cookie
/// to the user for use when authentication/authorizing
/// against web pages.
/// </summary>
public void WriteAuthCookie()
{
//Create the Auth Ticket
FormsAuthenticationTicket ticket = new
FormsAuthenticationTicket(1, //version
Email, //user name
DateTime.Now, //creation
DateTime.Now.AddMinutes(60), //expriation
false, //persistent
GuestStatus.ToString()); //user data
//Encrypt the Auth Ticket
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
//Create a cookie and add the encrypted ticket to the cookie as data
HttpCookie cookie = new
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

//Add the Auth Cookie to the outgoing cookies collection
HttpContext context = HttpContext.Current;
context.Response.Cookies.Add(cookie);
}


Nov 19 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
Forms authentication in a subfolder problem, please help
by: Kris van der Mast | last post by:
Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be...
ASP.NET
1
Forms Authentication Cookie Does Not Expire
by: Joey Powell | last post by:
On my asp.net application, suddenly the forms authentication cookies for all clients have quit expiring. This results in users being able to access the site from day to day without having to log...
ASP.NET
3
Forms Authentication Cookies Never Expire
by: Joey Powell | last post by:
This message was originally posted to the aspnet.security newsgroup, but no one there has ever heard of this before. That is why I am posting this message here, so that more people will see it... ...
ASP.NET
3
Forms Authenication Cookie Not Expiring Correctly
by: Mike | last post by:
I have a web application that the forms authentication cookie is not expiring correctly. When I look at the trace information of a newly requested page after the session and forms authentication have...
ASP.NET
0
Logout not working - Forms Authentication domain wide cookie
by: Kuldeep | last post by:
I'm using domain wide authentication cookie for single-signon solution. Single signon is working fine but logout doesnt work. I tried using Signout() method and also expiring cookie explicitely as...
ASP.NET
4
Forms authorization cookie always set to expire in 2055?
by: Amil | last post by:
I'm using Forms authorization. In my <forms> section I have timeout="30", but when I examine the cookie, it shows it expiring in 2055? Why? <authentication mode="Forms"> <forms...
ASP.NET
1
Cookieless Forms Authentication and Roles
by: Mark Olbert | last post by:
I'm building an ASPNET2 website which uses forms authentication but does not use the Microsoft-supplied membership providers (mostly because I don't want to create my own provider at this point, and...
ASP.NET
0
Bug with forms authentication persistent cookie expiry 30 minutes
by: robert | last post by:
I have noticed in .net 2 that when authenticating a user, setting the cookie using either redirectfromloginpage or setauthcookie, specifying true for the persistent parameter that the cookie is...
ASP.NET
3
Forms Authentication non-persistent cookie not expiring after closingthe browser
by: rh.krish | last post by:
I have a typical ASP.NET 2.0 Forms authentication application which authenticates against Active Directory. I use non-persistent cookie so that the user is NOT remembered across browser sessions....
ASP.NET
0
React to native button blinking effect
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
Software Development
2
isladogs
Access Europe meeting on Wed 4 Oct - The future of Access
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 4 Oct 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
Microsoft Access / VBA
0
tracyyun
Can faster file sharing be achieved by connecting computers simultaneously via WiFi and LAN cables
by: tracyyun | last post by:
Hello everyone, I have a question and would like some advice on network connectivity. I have one computer connected to my router via WiFi, but I have two other computers that I want to be able to...
Networking - Hardware / Configuration
2
Energy Model code modification to account for year dependent interest rate
by: giovanniandrean | last post by:
The energy model is structured as follows and uses excel sheets to give input data: 1-Utility.py contains all the functions needed to calculate the variables and other minor things (mentions...
Python
3
NeoPa
VBA Class Basics
by: NeoPa | last post by:
Introduction For this article I'll be using a very simple database which has Form (clsForm) & Report (clsReport) classes that simply handle making the calling Form invisible until the Form, or all...
Microsoft Access / VBA
0
isladogs
Access Europe Meeting - Wed 1 Nov - Using SQL Server skills to extend Access
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 1 Nov 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM) Please note that the UK and Europe revert to winter time on...
Microsoft Access / VBA
3
Finding a record, and then saving a new record after the record has been amended.
by: nia12 | last post by:
Hi there, I am very new to Access so apologies if any of this is obvious/not clear. I am creating a data collection tool for health care employees to complete. It consists of a number of...
Microsoft Access / VBA
0
NeoPa
VBA Class Basics (Report Class)
by: NeoPa | last post by:
Introduction For this article I'll be focusing on the Report (clsReport) class. This simply handles making the calling Form invisible until all of the Reports opened by it have been closed, when it...
Microsoft Access / VBA
3
SueHopson
Applying ComboBox filters Sequentially
by: SueHopson | last post by:
Hi All, I'm trying to create a single code (run off a button that calls the Private Sub) for our parts list report that will allow the user to filter by either/both PartVendor and PartType. On...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!