Re: forms authentication cookie changes

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 07/21/05


Date: Thu, 21 Jul 2005 10:07:16 -0700

Hello Andy,

FormsAuth issues a new cookie after timeout/2. That's the behaviour when
you have sliding expiration enabled.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi all,
>
> For reasons I would rather not go into, I sometimes need to get the
> value of the forms authentication cookie and use it later when
> submitting another request to the server.
>
> mostly this works fine but sometimes it seems that the server decides
> to change the forms authentication cookie (in contrast to the session
> cookie which stays the same the whole time the session is in
> existence).
>
> note that this is not happening because the authentication timeout has
> expired. I am still logged on as the same user and have the same
> session; it's just that the cookie value has changed.
>
> Can anyone explain why and how this happens, and if there is any way I
> can control (or disable) this behaviour?
>
> TIA
>
> Andy
>



Relevant Pages

  • Problem with Forms Authentication
    ... not persist the authentication cookie beyond the session ... so each time a user starts a session they must go through ... user to 'Remember Me' using a checkbox and persisting the ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Questions About Session Timeout
    ... The IIS config will handle the session state, and the forms auth will handle the authentication cookie. ... This is what the auth cookie lifetime is for, which you set in the forms auth section of the web.config. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: FormsAuthentication
    ... It should be only one cookie per Forms session. ... RedirectFromLoginPage function and the you might have an old persistent ... > I am setting the Forms authentication cookie by using: ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: session wont timeout
    ... Maybe this is a session cookie issue? ... client browser there is this one: WSS_KeepSessionAuthenticated Expires: At ... If I kill the session cookie using IE Developer Toolbar, ... possible and IIS would throw another challenge. ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Is it safe to store user_id in Session?
    ... What I was wondering is how safe it is to store user_id or username or ... session so I do not need to search the database all the time. ... OVERRIDING BASIC SESSION COOKIE AUTHENTICATION ... So what is described in the article only works for bad php scripts. ...
    (comp.lang.php)