FormsAuthentication

G

Grant Merwitz

Hi, i am using forms authentication in an ASP.NET project

I am setting the Forms authentication cookie by using:
FormsAuthentication.RedirectFromLoginPage(UserName.Text, false);

Now when i review my trace on my page, there are two cookies created that
look identical.
When i FormsAuthentication.SignOut() they both dissappear.

Any ideas as to why two cookies are created?

TIA

P.S. Sorry for the double post, i thought this was more relevant in the
..security newsgroup
 
J

jjardine

Grant Merwitz said:
Hi, i am using forms authentication in an ASP.NET project

I am setting the Forms authentication cookie by using:
FormsAuthentication.RedirectFromLoginPage(UserName.Text, false);

Now when i review my trace on my page, there are two cookies created that
look identical.
When i FormsAuthentication.SignOut() they both dissappear.

Any ideas as to why two cookies are created?

TIA

P.S. Sorry for the double post, i thought this was more relevant in the
.security newsgroup
Click to expand...

I am not sure why they do this. It might be for tighter security and to
help stop cookie poisoning or some other form of attach on the cookies.
 
H

Hernan de Lahitte

It should be only one cookie (non persistent) per Forms session.
Check out if you perhaps did some testing with persist=true parameter of
RedirectFromLoginPage function and the you might have an old persistent
cookie from that testing session.
 
G

Grant Merwitz

can't be.

When i log out, using FormsAuthentication.SignOut();

both cookies disappear from the cookies collection.
Then when i sign in again, both reappear.

This application is set up as a virtual directory. Could that have something
to do with it?
 
H

Hernan de Lahitte

Do you have any code sample of your login page and any other section that
you may dealing with Forms Authentication or your Principal object ? (cookie
handling as well )
 
G

Grant Merwitz

excuse the late response

i actually realised it was only when my application was running as a virtual
directory.
When i changed it to be the root directory, the second cookie suddenly
disappeared.

strange
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

formsauthentication 2
FormsAuthentication Session Cookie 1
strange Formsauthentication behavior 1
FormsAuthentication Timeout not reset 2
FormsAuthentication and Redirection fails 7
FormsAuthentication & createPersistentCookie 5
FormsAuthentication Encrypt/Decrypt Problem/Issue 0
simple FormsAuthentication in a secure environment 0

Members online

Total: 52 (members: 1, guests: 51)
Robots: 477

Forum statistics

Threads
473,994
Messages
2,570,223
Members
46,813
Latest member
lawrwtwinkle111

Latest Threads

Top