473,322 Members | 1,405 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

Login / auth cookie problem after migrating to .NET 2.0

Hello,

we have migrated our website from .NET 1.1 to .NET 2.0.
After this, some of our users are unable to log-on our site, while for
the majority of them there's no problem.

We're using a standard procedure to login (see below).

The Request.Cookies[FormsAuthentication.FormsCookieName] returns NULL,
after their login attempt, on subsequent pages. We're setting other
cookies, for instance the cookies of google analytics, with no
problem.The're no problem too with the ASP.NET_SessionId cookie.

The only way for them to be able to logon, is to manually delete their
cookies.

Here is the code, we're using:

iduser = Encryption.Encrypt(userid.ToString());
FormsAuthentication.SetAuthCookie(iduser, false);
userdata = "XXX";

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // version
iduser, // user name
DateTime.Now, // issue time
DateTime.Now.AddHours(72), // expires
persistent, // persistent
userdata // user data
);
FormsCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(ticket));
HttpContext.Current.Response.Cookies.Add(FormsCook ie);

Then we do a Response. Redirect.

Does anybody have an idea of what we can do ? It's a real problem for
us.
Thanks in advance

Aug 24 '07 #1
1 1634
Hi,

thanks for the reply. Yes we're using .NET 2.0 already.

Anyway, I've found the solution but cannot really explain it and if
you have an idea about that, I would be really interested.

I realized that 2 cookies were actually created: one associated with
"mydomain.com" and one with "www.mydomain.com".

The problem was solved by setting the cookie domain to "mydomain.com".
It doesn't work when I set it to "www.mydomain.com" and I don't know
why.

Regarding the IIS configuraiton, the websites headers doesn't contain
"mydomain.com". We have a second website defined that redirect
"mydomain.com" to "www.mydomain.com" for the people just arriving on
our site using "mydomain.com".

What I don't understand is is why did the .NET framework create a
"mydomain.com" cookie by default (i.e. when no domain was set), even
if I came to the website with the "www.mydomain.com" URL ?

Then the problem occured when people logged in on the previous version
of the site (.NET 1.1) with an old "mydomain.com" cookie : the new
version of the site was unable to read this cookie or overwrite it.
And so the user was unable to logon. When we set the domain property
of the cookie to "mydomain.com", it works, the cookie can then be
overrided and everything works fine. Note that it wasn't systematics:
only around 20 to 30% of our users encountered it.

Thanks again for your reply

Aug 28 '07 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Dan Stromberg | last post by:
If I wanted to write a python script that performs basic auth, gets a cookie, and then does an http POST using the cookie for authentication, what would be the best python API to write to? Does...
1
by: Kevin | last post by:
I need to control access to my web site via login information in a database on the server. The only way I see to do this is to use an authenication scheme that doesn't require a user login...
9
by: buran | last post by:
Dear ASP.NET Programmers, How can I post data to an ASP.NET login page and pass authentication? The login page uses forms authentication, users must supply usernames and password and have to...
11
by: David W. Simmonds | last post by:
I have a form that will prompt for a user name/password. In VS.NET, I have the protected form in a folder named Admin. I have a Web.config file in that folder as well. It contains the following...
2
by: Iggy Evans | last post by:
Hi My app is trying to login to an ASP.NET site that uses Forms authentication. I am trying to do in my app (what was previously posted in a newsgroup) the same that a browser does 3) The browser...
4
by: 23s | last post by:
I had this problem in the past, after a server reformat it went away, and now after another server reformat it's back again - no clue what's doing it. Here's the flow: Website root is public, no...
3
by: =?Utf-8?B?RHVrZSAoQU4yNDcp?= | last post by:
The majority of pages on our site need authentication (forms auth against the aspnetdb database). I created an '~/auth' folder with its own config file forcing authentication for any pages in the...
4
by: J. Frank Parnell | last post by:
The goal here is to use basic authentication for a user to log in, but keep a cookie so that they dont have to log in every browser session. <? $user = "user"; $pass = "pass"; ...
9
by: Josh | last post by:
I run a Joomla website and am familiar with php in some but not all aspects. Currently I am trying to find some solutions related to session handling. Am I correct in saying that "login" is kept...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.