How to keep cookies after authentication redirect??

[Peter Row]

Hi,

I better get the background stuff out the way first, so here goes:

- Porting a VB6 webclass app to VB.NET using HttpHandlers and
FormsAuthentication
- When someone visits my site unbeknown to them they are automatically
logged in as a guest
via the .NET forms authentication.

PROBLEM:
I need to store a couple of session cookies. But after my
auto-login-as-guest ASPX page has
been called by FormsAuthentication it does an internal redirection to
the page the user actually
asked for (probably the home page) having set a couple of session
cookies.

Any way because the redirect is internal the session cookies never get
sent to the user and also
the redirect causes the HttpContext to be changed hence the session
cookies I just set get lost,
damn it!

I presently have a hack solution which is to set a global variable with
the entire cookie string and
then (with my Asp cookie wrapper class) set it again when I get to the
redirect page using the
global variable. Which works in a single user test environment, but when
multiple users start
hitting the site it is possible that this global variable could get
messed up between users.

HOW TO:
So how do I get these couple of session cookies to stick until they get
to the destination of the
redirect?

Is there any way I could append them to the URL that the
FormsAuthentication sutff redirects
to?

Any help or suggestions would be much appreciated.
Regards,
Peter Row

 

[Hermit Dave]

okay i guess you are using FormsAuthentication.RedirectFromLoginPage() to
return to the original url the user tried to access.
what happens is that RedirectFromLoginPage() method over writes the
cookie...

what you need to do is manually create an authentication ticket... write it
to a cookie... and then do a manual redirect
ie read the querystring for returnURL params and then Response.Redirect if
it in is not "" or return to "/"

i think i did post a part of code a few days back if you want to have a look
at it...

 

[Peter Row]

Hi,

Thanks for the pointers.

I haven't tried it yet but I have put in a :

FormsAuthentication.SetAuthCookie()
Response.Redirect(FormsAuthentications.GetRedirectUrl())

Which on face value looks like it should work fine.

Thanks,
Pete

 

[Hermit Dave]

yeap as long as you are not using RedirectFromLoginPage() but using
Respone.redirect().
the authentication cookie you set should be alright...