473,320 Members | 1,695 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

FormsAuthentication cookie refreshing

Dan
Hi,

I am trying to refresh the cookie to make sure the timeout is reset by
simply calling a blank page on my site. I am doing this because I have an
external site hosted in my web that isn't sharing the auth mechanism. I can
test this easily by simply having a hidden iframe and use a javascript call
to refresh my sites blank page every time the external site loads a page and
this does work fine, the cookie is refreshed as expected if half the
expiration time has expired.

My question is about using another way of doing the refresh. I had tried
using an XMLHttpRequest initially as it was a bit neater, but for some reason
this did not cause the cookie to be reset. I had thought that the forms auth
module would process the request regardless of how it was generated and thus
reset the cookie expiration if that was needed, but I guess I don't really
understand how XMLHTTPRequest really works at all! Can anyone help explain? I
mean does it not send the cookie in the first place or is something else
going on under the covers?

Thanks
Dan

Oct 6 '06 #1
3 2450
Without altering the forms auth model, it only extends time when a page is
hit, so XMLHTTP is out of the question, unless you are going to write an
elaborate scheme to update the actual client side cookie (which would
probably fail due to security concerns on the client). You could extend
timeout, of course, but there is an issue there.

Question is: Why do you have to contact this other site? Is it possible to
wrap the other sites data in a web service and bind on your original site?
If impossible, you will have to refresh an actual page. iFrame with a BS
page is one possibilty, but a complete reachitecture of the system is
probably in order (system as a whole, both sites).

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************************************************
Think outside of the box!
*************************************************
"Dan" <Da*@discussions.microsoft.comwrote in message
news:43**********************************@microsof t.com...
Hi,

I am trying to refresh the cookie to make sure the timeout is reset by
simply calling a blank page on my site. I am doing this because I have an
external site hosted in my web that isn't sharing the auth mechanism. I
can
test this easily by simply having a hidden iframe and use a javascript
call
to refresh my sites blank page every time the external site loads a page
and
this does work fine, the cookie is refreshed as expected if half the
expiration time has expired.

My question is about using another way of doing the refresh. I had tried
using an XMLHttpRequest initially as it was a bit neater, but for some
reason
this did not cause the cookie to be reset. I had thought that the forms
auth
module would process the request regardless of how it was generated and
thus
reset the cookie expiration if that was needed, but I guess I don't really
understand how XMLHTTPRequest really works at all! Can anyone help
explain? I
mean does it not send the cookie in the first place or is something else
going on under the covers?

Thanks
Dan

Oct 6 '06 #2
Dan
thanks for the quick reply!

i need to contact this other site as it is a self contained application like
many of the sites that are connected to from our portal. it needs to appear
seamless to the user though i.e. as though it is all one app, hence the need
to keep the session alive for all hosted sites (all the others are in our
control so no probs there). the nature of the site is that a user may well
spend quite a reasonable amount of time doing stuff there and then need to
use another site, at which point the cookie may have expired.

what is a 'BS' page?

re-architecture is prob not an option as the other site does not belong
directly to us, although it must participate within our business process, but
out of interest, what other options would you have suggested if you had full
control?

cheers
dan
"Cowboy (Gregory A. Beamer)" wrote:
Without altering the forms auth model, it only extends time when a page is
hit, so XMLHTTP is out of the question, unless you are going to write an
elaborate scheme to update the actual client side cookie (which would
probably fail due to security concerns on the client). You could extend
timeout, of course, but there is an issue there.

Question is: Why do you have to contact this other site? Is it possible to
wrap the other sites data in a web service and bind on your original site?
If impossible, you will have to refresh an actual page. iFrame with a BS
page is one possibilty, but a complete reachitecture of the system is
probably in order (system as a whole, both sites).

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************************************************
Think outside of the box!
*************************************************
"Dan" <Da*@discussions.microsoft.comwrote in message
news:43**********************************@microsof t.com...
Hi,

I am trying to refresh the cookie to make sure the timeout is reset by
simply calling a blank page on my site. I am doing this because I have an
external site hosted in my web that isn't sharing the auth mechanism. I
can
test this easily by simply having a hidden iframe and use a javascript
call
to refresh my sites blank page every time the external site loads a page
and
this does work fine, the cookie is refreshed as expected if half the
expiration time has expired.

My question is about using another way of doing the refresh. I had tried
using an XMLHttpRequest initially as it was a bit neater, but for some
reason
this did not cause the cookie to be reset. I had thought that the forms
auth
module would process the request regardless of how it was generated and
thus
reset the cookie expiration if that was needed, but I guess I don't really
understand how XMLHTTPRequest really works at all! Can anyone help
explain? I
mean does it not send the cookie in the first place or is something else
going on under the covers?

Thanks
Dan


Oct 9 '06 #3
Dan
one other question, sorry!

'Without altering the forms auth model, it only extends time when a page is
hit, so XMLHTTP is out of the question'

how is using xmlhttp to hit the aspx page different to using a normal
browser request i.e. in this case via iframe? wouldn't both calls appear the
same to the forms auth module?

cheers
dan

"Dan" wrote:
thanks for the quick reply!

i need to contact this other site as it is a self contained application like
many of the sites that are connected to from our portal. it needs to appear
seamless to the user though i.e. as though it is all one app, hence the need
to keep the session alive for all hosted sites (all the others are in our
control so no probs there). the nature of the site is that a user may well
spend quite a reasonable amount of time doing stuff there and then need to
use another site, at which point the cookie may have expired.

what is a 'BS' page?

re-architecture is prob not an option as the other site does not belong
directly to us, although it must participate within our business process, but
out of interest, what other options would you have suggested if you had full
control?

cheers
dan
"Cowboy (Gregory A. Beamer)" wrote:
Without altering the forms auth model, it only extends time when a page is
hit, so XMLHTTP is out of the question, unless you are going to write an
elaborate scheme to update the actual client side cookie (which would
probably fail due to security concerns on the client). You could extend
timeout, of course, but there is an issue there.

Question is: Why do you have to contact this other site? Is it possible to
wrap the other sites data in a web service and bind on your original site?
If impossible, you will have to refresh an actual page. iFrame with a BS
page is one possibilty, but a complete reachitecture of the system is
probably in order (system as a whole, both sites).

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************************************************
Think outside of the box!
*************************************************
"Dan" <Da*@discussions.microsoft.comwrote in message
news:43**********************************@microsof t.com...
Hi,
>
I am trying to refresh the cookie to make sure the timeout is reset by
simply calling a blank page on my site. I am doing this because I have an
external site hosted in my web that isn't sharing the auth mechanism. I
can
test this easily by simply having a hidden iframe and use a javascript
call
to refresh my sites blank page every time the external site loads a page
and
this does work fine, the cookie is refreshed as expected if half the
expiration time has expired.
>
My question is about using another way of doing the refresh. I had tried
using an XMLHttpRequest initially as it was a bit neater, but for some
reason
this did not cause the cookie to be reset. I had thought that the forms
auth
module would process the request regardless of how it was generated and
thus
reset the cookie expiration if that was needed, but I guess I don't really
understand how XMLHTTPRequest really works at all! Can anyone help
explain? I
mean does it not send the cookie in the first place or is something else
going on under the covers?
>
Thanks
Dan
>
Oct 9 '06 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: George Durzi | last post by:
When you call FormsAuthentication.SignOut(), is the FormsAuthentication cookie supposed to be destroyed automatically? I'm creating my FormsAuthentication cookie by doing: HttpCookie oCookie =...
2
by: StanD | last post by:
At the end of my login process I am generating my own Persistent FormsAuthentication ticket. I encode this and set a cookie value. I then use Response.Cookies.Add(cookie), and I continue the...
4
by: Jeff B | last post by:
I am having a very perplexing problem with setting the user's roles. I have tried to figure this out for 2 days now. When the user logs in to the site, I retrieve the roles from the database and...
2
by: Grant Merwitz | last post by:
Hi, i am using forms authentication in an ASP.NET project I am setting the Forms authentication cookie by using: FormsAuthentication.RedirectFromLoginPage(UserName.Text, false); Now when i...
1
by: Dean R. Henderson | last post by:
I setup FormsAuthentication on a couple websites where it has been working as expected for a long time. I used this code to setup the same type of authentication on a new website I am working on...
5
by: Åženol Akbulak | last post by:
Hello; I use in my web application FormsAuthentication. Also I use Session state (InProc). When a user logged in, I can read Session parameters. (For example Session). Problem is that, when...
8
by: Bill Henning | last post by:
Another developer and I have noticed that after upgrading to the ASP.NET 2.0 RTM release, when using: FormsAuthentication.SetAuthCookie(userName, true) That the cookie is no longer persisted,...
3
by: Noremac | last post by:
My google skills must be dwindling. I am trying to determine how in ASP.NET 2.0 I can get the ReturnUrl querystring variable in Forms Authentication to contain the absolute url. Just like others...
2
by: rn5a | last post by:
A web.config file has the following code: <configuration> <system.web> <authentication mode="Forms"> <forms name="NETConnectCookie" loginUrl="Login.aspx"> <credentials passwordFormat="SHA1"/>...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.