Re: FormsAuthentication & createPersistentCookie

---

• From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
• Date: Mon, 05 Jun 2006 02:24:41 GMT

---

Hi Alex,

The "createPersistentCookie" parameter in the
FormsAuthentication.RedirectFromLoginPage() method controls whether the
ASP.NET will create a persistent cookie or session cookie for the
authentication ticket of the current login user. Forms authentication's
authentication ticket is stored in client-side cookie by default. There are
two kinds of cookies, session cookie and persistent cookie. Session cookie
is only available during its lifecycle(before it expires), however, if the
client user close the browser, the session cookie will also be no longer
available. While persistent cookie is always available as long as it
hasn't expired (even if the client user close the browser). So using
"persistent cookie" can provide a "remember me " function like many
websites do.

Also, the username/password is required only when the user is
authenticating against the login page. After he has logedIn, an
authentication ticket is produced and cached in the user's client-side
cookie(the default behavior). And all the sequential requests from the user
will use this ticket(from cookie) to perform the authentication (rather
than username/password credentials) as long as the ticket hasn't expired.

Hope this helps clarify some. If there is still anything unclear, please
feel free to post here.

Regards,

Steven Cheng
Microsoft Online Community Support


==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.



Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)




.

---

• Follow-Ups:
  • Re: FormsAuthentication & createPersistentCookie
    • From: Steven Cheng[MSFT]

• References:
  • Re: FormsAuthentication & createPersistentCookie
    • From: Dominick Baier [DevelopMentor]

• Prev by Date: Re: impersonation for file & DB access
• Next by Date: Re: request page I can't have -> goes to login
• Previous by thread: Re: FormsAuthentication & createPersistentCookie
• Next by thread: Re: FormsAuthentication & createPersistentCookie
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: forms authentication timeout ... Though there does exist the "timeout" setting in the web.config for forms ... the Forms Authentication Ticket is actually ... Authentication ticket & cookie generation your self in code. ... Microsoft MSDN Online Support Lead ... (microsoft.public.dotnet.framework.aspnet) Re: Forms-Based protecting too much ... mention of authorization or deny then it will inherit those properties from ... Did you set an authentication cookie after the user logged in? ... Once the authentication ticket is set the user should have free ... (microsoft.public.dotnet.framework.aspnet.security) RE: Authentication Ticket Persistance ... If you set a cookie in one domain, ... >Subject: Authentication Ticket Persistance ... >Any ideas on why this cookie persists and/or how I can stop it? ... (microsoft.public.dotnet.framework.aspnet.security) Re: Forms authentication: Apps sharing the loginURL page ... Or you could use one authentication ticket for all areas, ... Roles to restrict access. ... > Is there anyway I can get the cookie name ... >>The web.config file in the root directory sets the cookie ... (microsoft.public.dotnet.security) Re: C++ to read cookies created by local HTML file ... BOOL bReturn; ... // Create a session cookie. ... // Create a persistent cookie. ... (microsoft.public.vc.mfc)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)