FormsAuthentication cookie problems
From: Scott (ScottLorenz_at_UniversalComputerSys.Com)
Date: 10/03/03
- Next message: Andy Chau: "Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?"
- Previous message: jason_at_cyberpine.com: "passing user name info to protected page"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 3 Oct 2003 14:44:51 -0500
Our website is confugred to use Forms Authentication. The web.config
<authentication> element has the timeout property set to 45 (minutes). We
are setting the cookie using the RedirectFromLoginPage() which should use
the <authentication> timeout value to configure it properly. At least thats
my understanding of how it should work.
Most times we have no problems, but occasionally a request will come into
the server and the client is redirected to the login page for no reason. We
have looked at the IIS logs and the request coming in has the same
authentication cookie that was assigned previously. But all of a sudden IIS
doesn't like it anymore, after a period of 5 or 10 minutes, nothing near the
timeout value.
I have read previous posts that mention Decrypt() occasionally fails to
decrypt the cookie properly, which causes the client to be redirected to
login. Does anyone know if this is a known bug? Does anyone have any other
suggestions?
Any help would be appreciated.
Scott Lorenz
ScottLorenz@UniversalComputerSys.com
- Next message: Andy Chau: "Is there any asymmetric crypto API to allow decrypting a message but not encrypting it?"
- Previous message: jason_at_cyberpine.com: "passing user name info to protected page"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
