forms authentication -- expired forms cookie vs. not provided forms cookie

E

Eric

I want my users to get a login page if they forms cookie is not present, but
if the forms cookie is present and expired, I want them to get a timeout
page. Is this possible with forms authentication?
 
D

Dominick Baier [DevelopMentor]

Hi,

i don't know any programmatic way to distinguish between these two states.
no.
 
E

Eric

Thank you for a quick reply. I was able to kind of "fake" forms
authentication based on existence of ReturnUrl in the query string. I put
code in the Application_AuthenticateRequest() event where if request is not
authenticated but the ReturnUrl is present in the query string, I attempt to
decrypt the forms cookie. If cookie exists and I'm able to decrypt it, I then
check if it's expired. If it's expired, I redirect to the timeout page. If
I'm already logged in and after letting forms cookie to expire I attempt to
load the page that requires non-authenticated user, forms authentication will
redirect me to the login page with ReturnUrl, which is what I look for in the
Application_AuthenticateRequest. Looks like it's working, but I'm not sure if
it's the best solution.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Set cookie in the browser following a Post request 1
Forms Authentication Cookie Expiration Problem for SSO 1
forms authentication question 7
Check forms With JavaScript 1
Forms authentication - clean cookie when close browser 1
forms authentication cookie changes 2
cookie 25
Forms authentication not working right 1

Members online

No members online now.
Total: 111 (members: 0, guests: 111)
Robots: 292

Forum statistics

Threads
473,995
Messages
2,570,230
Members
46,819
Latest member
masterdaster

Latest Threads

Top