Forms Auth Problems.

E

Ed Staffin

Hi, I am using the fairly standard code below to do my
forms authentication ticket and redirect, however, I am
finding that once successfully logged in, I don't get
another log after I close the browser. Is there something
I need to do to let it know that if the browser closes
they should be logged out?
Thanks ... Ed


Dim tkt As FormsAuthenticationTicket
Dim cookiestr As String
Dim ck As HttpCookie

tkt = New FormsAuthenticationTicket(1, txtUserName.Text,
DateTime.Now(), DateTime.Now.AddMinutes(20),
True, "")
cookiestr = FormsAuthentication.Encrypt(tkt)
ck = New HttpCookie( _
FormsAuthentication.FormsCookieName(), cookiestr)
ck.Expires = tkt.Expiration
ck.Path = FormsAuthentication.FormsCookiePath()
Response.Cookies.Add(ck)
Resonse.Redirect(FormsAuthentication.GetRedirectUrl _
(txtUserName.Text, False))
 
K

Ken Schaefer

Your auth cookie can two options:
a) it has no expiry date, in which case it is held in the browser's memory,
and when the browser process is closed (all windows are closed), then the
cookie is discarded.
b) it has an expiry date (a persistant cookie), which is then written to
disk, and returned to the server if the browser returns to that site (even
if it has been closed)

The server does not know when a user closes their browser - the browser
doesn't send anything to every server that it's visited telling the server
that the browser is being closed (that would be a huge privacy problem). So
the server keeps the session going until it eventually timesout. However, if
you:
a) have a persistant cookie
b) just close your browser
c) open the browser again and point it to the side
then
a) the session is still going on the server
b) the browser still has the cookie
so you will be let in.

You could use some client-side javascript code that pops-up a new window
when the user attempts to close their browser. This new window would call a
special page on the server that abandons the user's session. However pop-up
blockers will block this from ever happening.

Cheers
Ken

: Hi, I am using the fairly standard code below to do my
: forms authentication ticket and redirect, however, I am
: finding that once successfully logged in, I don't get
: another log after I close the browser. Is there something
: I need to do to let it know that if the browser closes
: they should be logged out?
: Thanks ... Ed
:
:
: Dim tkt As FormsAuthenticationTicket
: Dim cookiestr As String
: Dim ck As HttpCookie
:
: tkt = New FormsAuthenticationTicket(1, txtUserName.Text,
: DateTime.Now(), DateTime.Now.AddMinutes(20),
: True, "")
: cookiestr = FormsAuthentication.Encrypt(tkt)
: ck = New HttpCookie( _
: FormsAuthentication.FormsCookieName(), cookiestr)
: ck.Expires = tkt.Expiration
: ck.Path = FormsAuthentication.FormsCookiePath()
: Response.Cookies.Add(ck)
: Resonse.Redirect(FormsAuthentication.GetRedirectUrl _
: (txtUserName.Text, False))
:
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

forms authentication ticket expiration problem 2
forms based authentication - ticket not expiring 0
Forms Authentication problem 0
problem with slidingExpiration 4
Forms Auth (roles being ignored) 0
Forms Authentication issue. works in debugger, not live. 0
forms authentication, cookieless? 2
Create Forms Authentication Ticket with Machine Keys 1

Members online

Total: 66 (members: 2, guests: 64)
Robots: 421

Forum statistics

Threads
473,982
Messages
2,570,186
Members
46,739
Latest member
Clint8040

Latest Threads

Top