FormsAuthentication Cookie Q

[George Durzi]

When you call FormsAuthentication.SignOut(), is the FormsAuthentication
cookie supposed to be destroyed automatically?

I'm creating my FormsAuthentication cookie by doing:
HttpCookie oCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
sTicket);

where sTicket is an encrypted FormsAuthenticationTicket. When I create the
FormsAuthenticationTicket, I set its isPersistent property to false.

I set the Expires property of my cookie to now + 2 hours.

When I log out and call FormsAuthentication.SignOut(), my
FormsAuthentication cookie is still sitting there in my cookies folder, even
if I do:

Response.Cookies.Remove(FormsAuthentication.FormsCookieName);

 

[George Durzi]

Dear insomiacs, I noticed something weird.

FormsAuthenticationTicket oAuthTicket = new FormsAuthenticationTicket(1,
sUserName, DateTime.Now, DateTime.Now.AddHours(4)false, sGroups);

// Encrypt the FormsAuthenticationTicket

string sTicket = FormsAuthentication.Encrypt(oAuthTicket);

// Create the auth cookie for the User

HttpCookie oCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
sTicket);

// oCookie.Expires = DateTime.Now.AddHours(4);



I noticed that when I commented out the last line above (since the
expiration is already set in the oAuthTicket creation, I no longer see the
cookie being created on my hard drive ... weird

 

[George Durzi]

Found the workaround. Problem was I needed to destroy the
FormsAuthentication cookie when the user logged out, or closed the browser.
(found out that I couldn't call remove, I had to set the Expires property of
the cookie to a day in the past).

The problem is, Session_End is the only place I can think of to destroy the
cookie when the user closes the browser, but I can't get that to run.

The only think I found that works, is to not manually set the Expires
property of the cookie when first creating it. LEt all that info stay in the
FormsAUthenticationTicket.

enough with all these weirdnesses already