R
rgouge
I'm working on an ASP.NET application (ver 1.1) .. using forms
authentication. The problem I'm having is managing the cookie. I'm not
using a persistenting the authentication cookie .. have a sliding expiration
of 10min that I update every time the page is posted to the server. I am
having two issues ..
1. I end up with multiple cookies of the same name in the cookie
collection
2. If I have a web page open initially and redirect from a link on that
page to the application I am working on in a new window .. they both share
the same session id .. and cookie collection. If I authenticate a user now
in my web application and the user then closes the application without
logging out (leaving the window containing a link to my application open).
and then the user clicks on the link to redirect back to the application to
be authenitcated seeing that the cookie and session are the same .. the user
skips the login page and is directed to the requested URL in the
application.
Any feedback would be appreciated.
authentication. The problem I'm having is managing the cookie. I'm not
using a persistenting the authentication cookie .. have a sliding expiration
of 10min that I update every time the page is posted to the server. I am
having two issues ..
1. I end up with multiple cookies of the same name in the cookie
collection
2. If I have a web page open initially and redirect from a link on that
page to the application I am working on in a new window .. they both share
the same session id .. and cookie collection. If I authenticate a user now
in my web application and the user then closes the application without
logging out (leaving the window containing a link to my application open).
and then the user clicks on the link to redirect back to the application to
be authenitcated seeing that the cookie and session are the same .. the user
skips the login page and is directed to the requested URL in the
application.
Any feedback would be appreciated.