Re: Bug in forms authentication?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

KMA wrote:
> Maybe I'm being thick, but what have sessions to do with forms
> authentication. Isn't the auth token saved as a cookie. And the cookie is
> shared.
You are right that sessions and form authentication are separated
things. In my application I have tied it together a little. When the
user is logging I create the auth cookie and add to the response. When
logging out the FormsAuthentication.SignOut() and Session.Abandon() are
called.

>
> Try using two different browsers rather than two instances of the same
> browser type.

OK. I've checked this: when I'm connecting from two IE browsers it _is
not OK_, when from two Firefox browsers also _not OK_, but when from one
IE and one Firefox it _is OK_.
Hmm, maybe the auth cookie is shared across the browsers (the same type).
BTW Is there a way to list all cookies stored in memory?

>
> BTW, isn't the displayed functionality the desired case? That users remain
> logged in at the server even if their browser is restarted/doubly launched.

When the server is restarted sessions are lost (I have to use in-proc
sessions) so users can not continue work after the server is restarted
and should login again.

>
> As stated above, I could be a bit thick.
>
>
> "mircu" <mircu@xxxxx> wrote in message
> news:OEw6B1MxFHA.3864@xxxxxxxxxxxxxxxxxxxxxxx
>
>>Peter Rilling wrote:
>>
>>>If you did a ctrl-N, then they are part of the same session and I would
>>>imaging so is the user logged in.
>>
>>A noted in my post that the other browser window was _not_ opened with
>>ctrl-N. I know that then it would be the same session.
>>
>>regards,
>>mircu
>
>
>

regards,
mircu
.

Relevant Pages

  • Re: WWW-Authenticate: How to force password login at every page refresh ?
    ... > How can I force the page to prompt for a password at every refresh? ... Browsers are designed to work like this so people don't need to ... is use this in combination with a cookie. ... password then you know this is the second request, ...
    (comp.lang.php)
  • Re: Different sessions in different windows?
    ... > The title says it all - I'm doing sessions with cookies. ... Some browsers can instantiate ... new windows, others might do it in another manner. ... different way of thinking than the common clientside programming. ...
    (comp.lang.php)
  • Re: Browser DNS balancing effects
    ... curl's cookie support. ... I notice the DNS entry for the ... It could be that my curl requests are hitting a different server each time, ... So what I wondered is how do browsers handle the case of multiple A records? ...
    (uk.comp.os.linux)
  • Re: And so it turns out
    ... all the messages in every thread are new, no matter how many times I ... re-open the group in a new browser window, how many browsers I use, ... that every single message that existed during my first visit had been ... then likely it wasn't a cookie issue (I was suspecting you ...
    (sci.lang)
  • Re: Is it common to use session.use_trans_sid?
    ... they can just steal sessions. ... Just the contents of the session file, not the cookie. ... disabled browsers while not giving away security (since the security is ... probably savvy enough to make an exception for your site. ...
    (comp.lang.php)