Re: authentication cookie vs session cookie
From: Michal A. Valasek (news_at_altaircom.net)
Date: 08/08/03
- Next message: Dave: "User has to login twice. Why??"
- Previous message: Jerry: "Re: impersonate/delegate problem"
- In reply to: Joseph: "authentication cookie vs session cookie"
- Next in thread: Yan-Hong Huang[MSFT]: "RE: authentication cookie vs session cookie"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 8 Aug 2003 14:10:37 +0200
| What are the differences between authentication and session cookies? In my
| web.config file, I set the cookieless attribute for the sessionState
element
| to false. Why do we need 2 different types of cookies? Is the session
| cookie enough for authentication purpose?
Authentication and session cookies should be different, so you can use these
features independently. Most of my applications uses authentication, but has
disabled session state. Having one solution would force everyone using Forms
Authentication to use sessions too.
| I do feel uncomfortable to maintain 2 different timeouts (form
| authentication cookie and session) in the web.config file. Is it possible
to
| keep both in sync (i.e. make authentication cookie expires at the same
time
| the session expires)?
You can set timeouts for login and session state to same value.
-- Michal A. Valasek, Altair Communications, http://www.altaircom.net Please do not reply to this e-mail, for contact see http://www.rider.cz
- Next message: Dave: "User has to login twice. Why??"
- Previous message: Jerry: "Re: impersonate/delegate problem"
- In reply to: Joseph: "authentication cookie vs session cookie"
- Next in thread: Yan-Hong Huang[MSFT]: "RE: authentication cookie vs session cookie"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
