Cookies question
From: Joe Fallon (jfallon1_at_nospamtwcny.rr.com)
Date: 03/23/05
- Previous message: Amit Batish via .NET 247: "ASP.NET file security problem"
- Next in thread: Dominick Baier [DevelopMentor]: "Re: Cookies question"
- Reply: Dominick Baier [DevelopMentor]: "Re: Cookies question"
Date: Tue, 22 Mar 2005 18:21:33 -0500
I use forms authentication for my app.
After I log in successfully, each request by the browser contains 2 cookies.
One for the SessionID and one for forms authentication which contains my
ticket.
Can someone please explain where these cookies are stored? I think it is in
memory in the browser but am not sure.
Also, some users have stated that they can do the following:
1. Start a browser, hit the site and log in.
2. Start a 2nd browser.
3. Hit the site.
4. BYPASS the log in page and go directly to the Home page.
They claim they can also close all browser sessions, start a new one and
still Bypass the log in page.
How is this possible?
Why would the 2nd browser session have the cookies noted above?
I assume once the authentication ticket expires in 30 minutes of inactivity
that neither scenario would be possible. They would have to re-log in first.
Thanks for any info on this.
-- Joe Fallon