Re: Cookies expiring when user logs out?

What happens if someone manually changes the empid cookie on the client?

Will that bring your app in trouble (maybe even security trouble) ?


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

HA! Do I feel like an idiot:
if (Request.Cookies["EmpID"] != null) {
Login1.UserName = Response.Cookies["EmpID"].Value;
}
I was checking the Request object if it was null, but referencing the
Response object to get the value. DUH!!!

Sorry for the bother and thanks for your help!!!
S
"Steve" wrote:

Here's the code... as you can see I am setting the expiration date.
In the page load I'm looking for the cookie so my team doesn't have
to enter
their User ID every time.
I'm posting all the code just in case you see anything else I've left
out.
In the Page_Load event, the cookie is always null after they've
logged out.

Thanks for your quick reply! Let me know if you see anything else I
may have
missed.
S
protected void Page_Load(object sender, EventArgs e) {
if (!IsPostBack) {
if (Request.Cookies["EmpID"] != null) {
Login1.UserName = Response.Cookies["EmpID"].Value;
}
}
}
protected void Login1_LoggedIn(object sender, EventArgs e) {
if (Login1.RememberMeSet) {
HttpCookie cook = new HttpCookie("EmpID", Login1.UserName);
cook.Expires = DateTime.Now.AddYears(1);
Response.Cookies.Add(cook);
}
}
"Scott M." wrote:

How are you setting your cookies? If you aren't providing a good
expiration date, the cookies will become "session" cookies, which
only last as long as the session does.

"Steve" <Steve@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E9214842-68D0-45D5-AEF9-5A09D0C8522A@xxxxxxxxxxxxxxxx

I'm using forms authentication with my .net 2.0 site.
I'm setting some cookies after the user logs in, and as long
as they stay logged in I can "see" the cookies on subsequent posts.
The problem is that as soon as the user logs out, the cookies are
gone.
I know ASP will expire the Ticket cookie, but does it expire
all other cookies too?
Anyone else ever experience this? Is it by design?

Thanks!
S


.

Relevant Pages

  • Re: Cookies expiring when user logs out?
    ... being used by people on my team, so security concerns of this nature aren't ... expiration date, the cookies will become "session" cookies, which ... The problem is that as soon as the user logs out, ... I know ASP will expire the Ticket cookie, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Cookies expiring when user logs out?
    ... I was checking the Request object if it was null, ... date, the cookies will become "session" cookies, which only last as long as ... The problem is that as soon as the user logs out, ... I know ASP will expire the Ticket cookie, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Cookies expiring when user logs out?
    ... How are you setting your cookies? ... date, the cookies will become "session" cookies, which only last as long as ... The problem is that as soon as the user logs out, ... I know ASP will expire the Ticket cookie, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • removal cookie issue
    ... i did a trace where we can see that the server try to expire some cookies on ... Connection: keep-alive ... Server: BigIP ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Wayyyyyyy OT: Firefox cookies
    ... In FF check Tools> Options> Privacy> Cookies section. ... windows user and therefore of limited value. ... I have to login ... sites seem to expire earlier than they should, ...
    (microsoft.public.windows.inetexplorer.ie6.browser)