forms authentication cookie changes

From: Andy Fish (ajfish_at_blueyonder.co.uk)
Date: 07/21/05


Date: Thu, 21 Jul 2005 16:35:00 +0100

Hi all,

For reasons I would rather not go into, I sometimes need to get the value of
the forms authentication cookie and use it later when submitting another
request to the server.

mostly this works fine but sometimes it seems that the server decides to
change the forms authentication cookie (in contrast to the session cookie
which stays the same the whole time the session is in existence).

note that this is not happening because the authentication timeout has
expired. I am still logged on as the same user and have the same session;
it's just that the cookie value has changed.

Can anyone explain why and how this happens, and if there is any way I can
control (or disable) this behaviour?

TIA

Andy



Relevant Pages

  • Re: Sessions and Forms Authentication Cookie
    ... I set it so it's the same as my session timeout. ... > expiry time for the Forms Authentication cookie is 30 mins? ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: proper way to logout and end a session
    ... also the authentication cookie is separate from the session cookie. ... as the second site is opened from the first, its cookies are not deleted by the browser when the window is closed, so when the site is reopened, the authentication cookie is still active. ... And when people click the logout link inside the application, the application will close this second browser window. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Problem with Forms Authentication
    ... not persist the authentication cookie beyond the session ... so each time a user starts a session they must go through ... user to 'Remember Me' using a checkbox and persisting the ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Questions About Session Timeout
    ... The IIS config will handle the session state, and the forms auth will handle the authentication cookie. ... This is what the auth cookie lifetime is for, which you set in the forms auth section of the web.config. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: what in place of session variables
    ... Once Membership is installed the use of the Profile can be used to store session data rather easily. ... It has most of the logic all set for you and will set the encrypted forms authentication cookie for you as well. ... Main problem is that I save user authentication info into session variables, and once these variables fall to Null, user is sent again to the login page. ...
    (microsoft.public.dotnet.framework.aspnet)