Re: Problems with Forms Auth and Session State.

DanR_at_REMOVETHISTOGETTOME-warshawgroup.com
Date: 07/07/03


Date: Mon, 7 Jul 2003 10:19:01 -0400


At the point my user authenticates, I set up their session variables. I then
rely on a "User.Identity.IsAuthenticated" to tell me if the user is good.
Sometimes the session ends but the "User.Identity.IsAuthenticated" still
returns true.

The problem is that sometimes the user at the browser is in this
inconsistent state where the Session has been voided/invalidated (it's
empty) but the ASP framework still treats the user as authenticated. This is
bad. I'm not sure why the framework treats them as independently managed
cookies. (I mean I know why it is two different cookies, but not why they
are not tied together better/more correctly/usefully)

I specifically see this working in the development environment- the session
gets killed by restarting the debugger, but the client/web is still
authenticated/signed in.

"Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in message
news:%23ggGBfIQDHA.3020@TK2MSFTNGP10.phx.gbl...
> To invalidate ASP.NET auth cookie, you have to call
> FormsAuthentication.SignOut(); followed by Response.Redirect(.) to redirect
> user to another page.
>
> --
> Regards
>
> Matjaz Ladava, MCSE (NT4 & 2000)
> matjaz@ladava.com
> http://ladava.com
>
> <DanR@REMOVETHISTOGETTOME-warshawgroup.com> wrote in message
> news:ubC8j6BQDHA.1608@TK2MSFTNGP11.phx.gbl...
> > Clearly Forms Authentication manages its Authorization state using a
> > different cookie than the Session cookie. I am running into the problem
> > (particularly while developing) that my Auth cookie is still valid while my
> > session data is gone/has been deleted. Anyone else running into this?
> >
> > The whole idea is to have the ASP.NET framework manage an 'isLoggedIn' sort
> > of framework, so that I don't have to build my own. What I am doing, then, is
> > using Forms auth to auth the user and set the Auth cookie. Then I stick
> > stuff in session.
> >
> > I often find myself in a state where the Session is void, but the Auth
> > framework is still allowing me to get to pages as though I am a logged in
> > user.
> >
> > Does that make sense? I can post code, but you folks should know what I
> > mean. Anybody else seeing this? What do you do for session management?
> >
> > -DanR
> >
> >
>
>
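
The mismatch discussed in this thread (a valid forms-auth ticket with an empty session) can be detected once per request and resolved with the SignOut-then-redirect sequence from the quoted reply. This is an added example, not code from either poster; the session key `UserId` is a hypothetical name for whatever the login page stores, and `FormsAuthentication.LoginUrl` assumes .NET 2.0 or later.

```csharp
// Global.asax.cs -- added example, not code from the thread.
using System;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Hypothetical key: the login page is assumed to store this value in
    // Session right after it issues the forms-auth ticket.
    private const string SessionMarkerKey = "UserId";

    // Session state is not yet populated in AuthenticateRequest, so the
    // comparison has to happen in AcquireRequestState.
    protected void Application_AcquireRequestState(object sender, EventArgs e)
    {
        HttpContext ctx = HttpContext.Current;

        // Handlers that do not use session state expose no Session object.
        if (ctx.Session == null)
            return;

        // Anonymous requests (including the login page itself) are left alone,
        // which also prevents a redirect loop after SignOut().
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated)
            return;

        // Ticket and session agree: nothing to do.
        if (ctx.Session[SessionMarkerKey] != null)
            return;

        // The auth cookie outlived the session (timeout, app restart,
        // debugger restart). Expire the ticket and discard the empty session
        // so the user must authenticate again and the session is rebuilt.
        FormsAuthentication.SignOut();
        ctx.Session.Abandon();
        ctx.Response.Redirect(FormsAuthentication.LoginUrl, true);
    }
}
```

Pages that read session values should still treat a missing value as unauthenticated; this handler only removes the window in which `User.Identity.IsAuthenticated` is true while the session data is gone.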


