Re: Forms Authentication SignOut does not remove Cookie

From: Ron Cicotte (msnews@summerstreet.net)
Date: 04/22/03

  • Next message: Daniel Albisser: "Re: Form-base Authentication - Protect single Controls included in ASPX Pages" 
    From: "Ron Cicotte" <msnews@summerstreet.net>
Date: Tue, 22 Apr 2003 00:29:57 -0400

    Problem solved!

    I had a path in my web.config that was not the root path "/vci" vs "/" .
    Reference docs warn that this can cause the FormsAuthentication to not find
    the cookie unless the path is also set correctly when the cookie is created
    and paths to pages are case sensitive.

    So be Warned! leave the Forms Authentication path setting in Web.config
    setting as the default "/" unless you are very sure about what you and your
    visitors are doing.

    I wasted a day and a half on this.

    -ron

    "Ron Cicotte" <msnews@summerstreet.net> wrote in message
    news:OndOT3GCDHA.2328@TK2MSFTNGP10.phx.gbl...
    > I am using forms authentication and it seems to work fine except for the
    > FormsAuthentication.Signout(). I have a login page with the following
    code
    > in the Page_Load function:
    >
    > private void Page_Load(object sender, System.EventArgs e)
    >
    > {
    >
    > //utilities for managing database I/O
    >
    > Util=new vci_Utilities(this);
    >
    > if (!IsPostBack)
    >
    > {
    >
    > // check forms authentication and set isloggedin = true if the user is
    > logged in.
    >
    > LoginCookies();
    >
    > // auto logout when coming back to this page after logging in
    >
    > if(isLoggedIn)
    >
    > {
    >
    > FormsAuthentication.SignOut();
    >
    > isLoggedIn = false;
    >
    > Session.Abandon();
    >
    > Response.Redirect("Login.aspx",true);
    >
    > }
    >
    > Login_Show();
    >
    > }
    >
    > else
    >
    > {
    >
    > uid = Int32.Parse(ViewState["uid"].ToString());
    >
    > isLoggedIn = (bool)ViewState["IsLoggedIn"];
    >
    > }
    >
    > }
    >
    > LoginCookies tests to see if the user is logged in using the
    > Request.IsAuthenticated attribute and sets a page var (bool isLoggedIn)
    > based on the result. The problem is that the the SignOut() method is not
    > removing the authentication cookie as expected. Request.IsAuthenticated
    > always returns true. I have a watch on the IsAuthenticated attribute in
    my
    > VS debugger and it does not change after the Signout() method is invoked.
    I
    > test it immediately following the repost after redirection and it is still
    > true.
    >
    > What can I do?
    >
    >

  • Next message: Daniel Albisser: "Re: Form-base Authentication - Protect single Controls included in ASPX Pages"

    Relevant Pages

    • RE: Forms authentication cookie handling question (C#)
      ... I also replaced all of my ticket authentication code with the ... // Username and or password not found in our database... ... LoginControl's default code logic to generate authentication cookie. ...
      (microsoft.public.dotnet.framework.aspnet)
    • RE: Forms Authentication
      ... The DNS entry for my domain was not set corrretly, ... This should have overcome the cookie ... authentication ticketis not correctly set to the domain your ... Microsoft MSDN Online Support Lead ...
      (microsoft.public.dotnet.framework.aspnet)
    • RE: Forms authentication cookie handling question (C#)
      ... programmatically generate forms authentication ticket and set it in ASP.NET ... You use the Login control's "Authentication" event to do the user ... LoginControl's default code logic to generate authentication cookie. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: authentication cookie vs session cookie
      ... level of using authentication cookies on the client machines. ... authentication cookie on a manager's machine is stolen and used on a client ... > session variables as it relies on the session cookie that ASP.NET sends to ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • RE: forms authentication cookie problem
      ... authentication cookie. ... what's going on on the server. ... >324488 Forms Authentication and View State Fail ... >characters, the browser will still request the page, but ...
      (microsoft.public.dotnet.framework.aspnet.security)