Re: Forms authentication - clean cookie when close browser
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 23 Feb 2007 09:46:54 +0000 (UTC)
How do you set the ticket?
using FormsAuthentication.RedirectFromLoginPage or SetAuthCookie -
they both have a boolean paramter - usePersistentCookie (or similar) - if set to true - the cookie will be saved on the user's harddrive and re-used.
Oh an btw - don't set protection="None" !!! This is very dangerous - leave it to the default value (which is 'all')
Also disable 'enableCrossAppRedirects' if you don't need it (and you will only need that in special cases with cookieless auth).
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
Hello. I use forms authentication and it's work except one thing. I
want push users make relogin (insert login and pass) when they close
I have those settings in Web.config :
<forms loginUrl="login.aspx" cookieless="UseCookies"
enableCrossAppRedirects="true" requireSSL="false" timeout="1"
<user name="test1" password="test2" />
<user name="root" password="admin" />
<deny users="?" />
It works like this:
1. Open site and login
2. redirect defaultUrl
3 close browser
4. open browser and get defaultUrl (not login page!!)
The question is why it doesn't ask reinsert login if somebody close
browser and how to do this work?
- Prev by Date: Re: Question about cookie protection and FormsAuthentication.Encry
- Next by Date: Re: AD Login failure when using ActiveDirectoryMembershipProvider
- Previous by thread: Re: AD Login failure when using ActiveDirectoryMembershipProvider
- Next by thread: Re: Basic password security question