How to do Forms based authentication without cookies

From: Vladimir Maysuradze (mvv@ewebcoding.com)
Date: 07/26/02

Next message: Aaron Margosis [MS]: "Re: Forms based security without cookies?"
Previous message: Christopher Zacharias: "Accessing the ACL of a file?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Vladimir Maysuradze" <mvv@ewebcoding.com>
Date: Fri, 26 Jul 2002 12:14:17 -0400

It can be done by configuring <sessionState> node of the web.config file for
your application.
There is attribute cookieless with default value set to false. Once set to
true, ASP.NET starts putting session state id in the URL, so URL would look
like that:
http://localhost/FormAuth/(od2umkuhk0pd4pqqmz25vj2y)/login.aspx

where (od2umkuhk0pd4pqqmz25vj2y) is automagically added by ASP.NET.
That's all there is to it.
I did get it to work on my application.

Also, there is a read-only property HttpSessionState.IsCookieless that can
be used to determine whether application is running in the cookieless state.
I hope that helps.

Next message: Aaron Margosis [MS]: "Re: Forms based security without cookies?"
Previous message: Christopher Zacharias: "Accessing the ACL of a file?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re:
... It means that ASP.NET doesn't use cookies to maintain session state. ... Instead, ASP.NET will maintain session state by inserting a random ID, ... > sessionState section's cookieless attribute to true in the web.config ... Prev by Date: ...
(microsoft.public.dotnet.framework.aspnet)
Sessions - cookieless for non-cookie users only
... If "cookieless" is set to false then ... ... - If user's browser supports cookies then cookie is used to track Session ... and set cookieless to "false" then Session state cannot be stored. ...
(microsoft.public.dotnet.framework.aspnet)