Re: using Session with FormsAuthentication
- From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
- Date: Wed, 26 Oct 2005 01:30:29 GMT
Hi Senol,
As for your problem, two things should be noted:

1. For the IE browser, it will start a new session if we launch a new IE
window by creating a new IE instance rather than deriving one from an
existing IE window (e.g. CTRL+N or use the "File->New->Window" menu in an
existing IE window). In the latter case, the new window will share the
original (opener) window's session.

2. For cookies, there are generally two kinds: session cookies and
persistent (non-session) cookies. A session cookie's lifecycle is as long
as the browser windows associated with that session; when all the windows
associated with that session are closed, the corresponding session cookie
is also destroyed. A persistent cookie is persisted in the client
computer's cookie storage even when all IE windows are closed, and the
next time the user opens IE to navigate to that site, the persisted cookie
will be associated by the browser again.

ASP.NET Session State uses a session cookie to identify the session ID (if
not in cookieless mode). However, FormsAuthentication provides both
session cookie and persistent cookie options for the authentication
ticket. So for your scenario, you should choose the session cookie as the
type of the FormsAuthentication ticket's cookie so that when the user
(specific to a session) closes all the associated windows, the
FormsAuthentication ticket will also be destroyed along with the session
ID cookie.

For example, the following code generates the authenticated user's
authentication ticket as a non-persistent cookie (session cookie):

    System.Web.Security.FormsAuthentication.RedirectFromLoginPage("username", false);

Hope this helps. Thanks,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| Thread-Topic: using Session with FormsAuthentication
| From: Şenol Akbulak <senolakbulak@xxxxxxxxxxxxxxxx>
| Subject: Re: using Session with FormsAuthentication
| Date: Tue, 25 Oct 2005 03:45:01 -0700
|
| Antonio;
|
| Thank you for your quick answer.
|
| I want that when user open a new browser, user must login again. How can I
| make that?
|
| Thank you.
| --
| ______________________________
| Şenol Akbulak
|
|
| "AF" wrote:
|
| > > Hello;
| > Hi! (answers inline)
| >
| > > I use in my web application FormsAuthentication. Also I use Session state
| > > (InProc).
| > okay.
| >
| > > When a user logged in, I can read Session parameters. (For example
| > > Session["USER_ID"]). Problem is that, when user close the browser window then
| > > open a new browser, FormsAuthentication reads from cookie and user logs in.
| >
| > This is not a problem, this is what it is used for. The cookie you've built is used to
| > authenticate the user automatically.
| >
| >
| > > Although user logged in, session parameter is null.
| >
| > These are your implementation and your business rules. If you decided that a logged
| > in user should have a 'USER_ID' session parameter set while logged, you need to ensure
| > that when authentication occurs, other parameters are ALSO set.
| >
| > The typical case when using managed authentication is having the following states:
| >
| > 1) the user connects to the service
| > 2) the user is automatically connected
| > 3) the user is connected but its session parameters are 'empty' (except for ID)
| > 4) the application detects the user is valid but session has not been prepared yet
| > 5) the application finishes preparing the session
| > 6) the user is then ready to browse the service and redirected to the desired document
| >
| > You are currently at step 3 of the process. Best thing should be to add some information
| > into the session when it gets validated and check for its existence:
| >
| > if (User.IsLoggedIn())
| > {
| >     // The user is authenticated but the session has not been prepared yet.
| >     if (!MyUtils.GetSessionValue("ready").Equals("ok"))
| >     {
| >         Session["USER_ID"] = GetUserId();
| >         Session["USER_EMAIL"] = GetUserEmail();
| >         .....
| >     }
| > }
| >
| >
| >
| > Antonio Fontes
| > http://www.futureblogs.net/antonio
| >
| >
| >
|
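
The "user is authenticated but the session is not prepared yet" step from the quoted reply, as an added C# example that is not code from either poster: a Global.asax handler that rebuilds Session["USER_ID"] when a valid forms ticket arrives with an empty session, and drops the ticket if the account can no longer be found. UserStore and its sample data are constructed stand-ins for the application's own user lookup.

```csharp
// Added example, not code from the thread. UserStore is a constructed
// stand-in for the application's real user database.
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Security;

public static class UserStore
{
    private static readonly Dictionary<string, int> Ids =
        new Dictionary<string, int> { { "alice", 1 } }; // constructed data

    public static bool TryGetUserId(string name, out int id)
    {
        return Ids.TryGetValue(name, out id);
    }
}

public class Global : HttpApplication
{
    // Fires after session state is attached to the request, so Session
    // is usable here (it is not yet available in AuthenticateRequest).
    protected void Application_AcquireRequestState(object sender, EventArgs e)
    {
        HttpContext ctx = HttpContext.Current;
        if (ctx.Session == null || ctx.User == null ||
            !ctx.User.Identity.IsAuthenticated)
            return; // handler without session state, or anonymous request
        if (ctx.Session["USER_ID"] != null)
            return; // session already prepared

        // Valid ticket, empty session: InProc state was lost, or the
        // ticket cookie outlived the session cookie.
        int id;
        if (UserStore.TryGetUserId(ctx.User.Identity.Name, out id))
        {
            ctx.Session["USER_ID"] = id;
        }
        else
        {
            // The ticket names an account that no longer exists: expire
            // the ticket cookie and send the browser back to the login page.
            FormsAuthentication.SignOut();
            FormsAuthentication.RedirectToLoginPage();
        }
    }
}
```

With a non-persistent ticket (the `false` argument shown earlier in this message) this handler mainly covers InProc session loss on the server; with a persistent ticket it runs on every return visit after the browser was closed.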