473,372 Members | 975 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,372 software developers and data experts.

Authentication Cookie not in Request.Cookies

Joe
In ASP.NET 1.1 I could detected expired form authentication tickets (which
closely coincide with my expired session) by checking for the Authentication
Cookie when the login screen loads. If the cookie exists, then decrypt the
forms auth. ticket and check to see if it is expired. If so display a
message to the user letting them know why they are back on the login screen.
The code I used was something like this:

Dim cookie as HttpCookie =
Request.Cookies(FormsAuthentication.FormsCookieNam e)
Dim ticket as FormsAuthenticationTicket =
FormsAuthentication.Decrypt(cookie.value)
If ticket.IsExpired Then ...

Now when upgrading to ASP.NET 2.0 I am finding that
Request.Cookies(FormsAuthentication.FormsCookieNam e) will only return the
Auth cookie PRIOR to the expiration of the Auth Ticket. Afterwards,
Request.Cookies will not contain the cookie. I can still get to the Cookie
with Request.Headers("Cookie") and manually pull it out but I just wanted to
verify that this is in fact a change in .NET 2.0 and not just me missing
something...Reflector on the HttpRequest.Cookies property doesn't seem to
show anything removing the Auth cookie, so I'm a little perplexed...

Is there a better way to detected expired sessions? I know some people use
the Session.IsNew() property in conjunction with searching for the
preexistance of the session cookie but for me this does not work because I am
dealing with several asp.net apps that share an authentication cookie but all
have different session states. Thus, I just use the auth ticket expiration
as it (used to be) easier to detect...

Thanks in advance for the input!

Nov 14 '06 #1
1 4435
Hi,

Based on my understanding, you have two questions:

1) Why the cookie FormsAuthentication.FormsCookieName cannot be found in
Request.Cookies collection after the session is expired in ASP.NET 2.0?

2) What's the recommended way to detect expired sessions?

If I've misunderstood anything, please feel free to let me know.

For question 1), I cannot find documentation on the design change. Also, I
don't think this is the recommended way to detect expired sessions.

For question 2), it's a pity that currently ASP.NET doesn't provide a
built-in way to return this information. Though we do have two commonly
used workarounds:

2.1) The first workaround is create a cookie on Session_OnStart as
described in following FAQ:

#ASP.NET Forums - Understanding session state modes + FAQ
http://forums.asp.net/7504/ShowPost.aspx
Q: How do I detect a session has expired and redirect it to anther page?
A: It's a much requested feature, and unfortunately there is no easy way to
do it right now. We will look into in the next major version. In the
meantime, if you are using cookie, you can store a marker in your cookie so
you can tell the difference between "fresh browser + new session" and "old
browser + expired session". Below is a sample code that will redirect the
page to an expired page if the session has expired.

void Session_OnStart(Object sender, EventArgs e) {
HttpContext context = HttpContext.Current;
HttpCookieCollection cookies = context.Request.Cookies;

if (cookies["starttime"] == null) {
HttpCookie cookie = new HttpCookie("starttime",
DateTime.Now.ToString());
cookie.Path = "/";
context.Response.Cookies.Add(cookie);
}
else {
context.Response.Redirect("expired.aspx");
}
}
2.2) Second workaround is to use the cookie used to store the session id:

#Detecting ASP.NET Session Timeouts: ASP Alliance
http://aspalliance.com/520

if (Context.Session != null)
{
if (Session.IsNewSession)
{
string szCookieHeader = Request.Headers["Cookie"];
if ((null != szCookieHeader) &&
(szCookieHeader.IndexOf("ASP.NET_SessionId") >= 0))
{
Response.Redirect("sessionTimeout.htm");
}
}
}
Additional references:

#Multiple Login Check with Session Ping
http://www.eggheadcafe.com/articles/20040720.asp

#How and why session IDs are reused in ASP.NET
http://support.microsoft.com/kb/899918
Hope this helps. Let me know if you need further information.

Sincerely,
Walter Wang (wa****@online.microsoft.com, remove 'online.')
Microsoft Online Community Support

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications. If you are using Outlook Express, please make sure you clear the
check box "Tools/Options/Read: Get 300 headers at a time" to see your reply
promptly.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Nov 14 '06 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

7
by: Michael Foord | last post by:
#!/usr/bin/python -u # 15-09-04 # v1.0.0 # auth_example.py # A simple script manually demonstrating basic authentication. # Copyright Michael Foord # Free to use, modify and relicense. #...
1
by: Scott | last post by:
Hi, We're having an issue with Forms Authentication cookies being treated as expired / invalid, and being deleted. This is causing our intranet users a great deal of pain - Running IIS 5.0 on...
1
by: e | last post by:
I'm using forms authentication on a site. When the user logs in via the login page, the entered creds are checked against AD, and if valid, an encrypted forms authentication ticket is produced and...
0
by: francois | last post by:
hello, I am using forms authentication and I would like that my authentication cookie expires after let say 1 minutes (just for the exemple). When I log in in my longon page, the user has to...
0
by: Kuldeep | last post by:
I'm using domain wide authentication cookie for single-signon solution. Single signon is working fine but logout doesnt work. I tried using Signout() method and also expiring cookie explicitely as...
2
by: pv_kannan | last post by:
I recently found out that my authentication cookies are not expiring even though I have set the persist property to false. As a result, users are able to access the secure websites with indifferent...
1
by: Tod Birdsall, MCSD for .NET | last post by:
Hi All, I have two ASP.NET applications which I am trying to have share forms authentication. But I am running into problems. App A is an ASP.NET 2.0 Beta 2 application. App B is an ASP.NET...
1
by: Mark Olbert | last post by:
I'm building an ASPNET2 website which uses forms authentication but does not use the Microsoft-supplied membership providers (mostly because I don't want to create my own provider at this point, and...
8
by: =?Utf-8?B?TFc=?= | last post by:
Hello! I am just learning about forms authentication so please excuse this basic question. I am using .NET 1.1 and C#. I have created my web.config file and my login.aspx and the associated cs...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
0
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.