Re: persistant cookie, what is it?

Why don't you use Session State? It behaves exactly the same (except for
timing out), and in fact, when it uses cookies, it uses a non-persistent
("session") cookie to identify the client.

More information: All you need to do to not persist a cookie is not to set
the Expiration property. This creates a session cookie on the client, which
is not stored in the file system, but in browser memory. The difference
between using a session cookie on the client,and using Session State, is
that Session State times out. The client session cookie will remain on the
client until the domain is navigated away from, or the browser is closed.

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
Who is Mighty Abbott?
A twin turret scalawag.

"Edwin Knoppert" <news@xxxxxxxxxxxxxx> wrote in message
news:43de087e$0$12833$ba620dc5@xxxxxxxxxxxxxxxxxxxxxx
>I have checked, my options guides me to the folder: .....Local
>Settings\Temporary Internet Files
> I cleaned most of it, cookies do not show a name i used for test: <forms
> name="AuthCookie_logintest1" ...
> I assume the cookie *filename* contains the forms name somehow?
>
> Yes, i'm using roles, it all works out fine, i checked with isinrole() on
> a 2nd webpage.
> To authenicate i'm using:
>
> Dim authTicket As FormsAuthenticationTicket = New
> FormsAuthenticationTicket(1, sUserName, DateTime.Now, Expiration,
> bIsPersistant, sRoles)
> Where bIsPersistant is false (checked).
>
> I even terminated the local webserver, the one executed by VWD.
>
> But since i do not persist, i don't think there is a filename right?
>
>
> "Patrice" <a@xxxx> schreef in bericht
> news:OUd1BWZJGHA.3408@xxxxxxxxxxxxxxxxxxxxxxx
>> You can see the cookies for the site in the browser options to make sure
>> this is not another problem (for example an non protected page)..
>>
>> --
>> Patrice
>>
>> "Edwin Knoppert" <news@xxxxxxxxxxxxxx> a écrit dans le message de
>> news:43ddf678$0$12843$ba620dc5@xxxxxxxxxxxxxxxxxxxxxx
>>> tested again, indeed, even while i have persistance set to false, on
>> browser
>>> restart it never passes the login page.
>>>
>>>
>>> "Edwin Knoppert" <news@xxxxxxxxxxxxxx> schreef in bericht
>>> news:43ddf3fb$0$12849$ba620dc5@xxxxxxxxxxxxxxxxxxxxxx
>>> > Well it does..
>>> >
>>> > And indeed i mean run, close the browser, and run again.
>>> > But then this was all tested in the VWD environment.
>>> >
>>> > What you are telling me is what i expected.
>>> > In our case we might choose for non-persistance.
>>> >
>>> >
>>> > "Patrice" <a@xxxx> schreef in bericht
>>> > news:OC1VTrYJGHA.1728@xxxxxxxxxxxxxxxxxxxxxxx
>>> >> What do you mean by "close" ? A non persistant cookie shouldn't
>>> >> survive
>>> >> when
>>> >> the browser is closed and launched again (unlike a persistant
>> cookie)...
>>> >>
>>> >> --
>>> >>
>>> >> Patrice
>>> >>
>>> >> "Edwin Knoppert" <news@xxxxxxxxxxxxxx> a écrit dans le message de
>>> >> news:43ddeb0e$0$12848$ba620dc5@xxxxxxxxxxxxxxxxxxxxxx
>>> >>> I have searched but info is limitted.
>>> >>>
>>> >>> In my test app i used a non persistant cookie for forms
>> authentication.
>>> >>> slidingExpiration is set to true
>>> >>>
>>> >>> On run and close and rerun the login remains ok.
>>> >>>
>>> >>> I have a time-out of one minute and indeed, it directs me to the
>>> >>> login
>>> >>> if
>>> >> i
>>> >>> wait to long.
>>> >>> The slidingExpiration does it's work also.
>>> >>>
>>> >>> So were is this persistance for?
>>> >>>
>>> >>> Thanks,
>>> >>>
>>> >>>
>>> >>>
>>> >>
>>> >>
>>> >
>>> >
>>>
>>>
>>
>>
>
>


.

Relevant Pages

  • Re: Bypass Authentication
    ... Set-Cookie get established on the Client upon a Successful logon. ... planning on capturing the cookie on Location 3. ... Upon Launching the browser ... "Joe Kaplan" wrote: ...
    (microsoft.public.dotnet.security)
  • Re: Bypass Authentication
    ... For the second question, it may be the case that there is a cookie, but it ... Joe Kaplan-MS MVP Directory Services Programming ... turn creates a cookie on the client and launch the browser, ... cookie already on the local client that the browser would then send. ...
    (microsoft.public.dotnet.security)
  • Re: Session variables and POST method
    ... Peter Foti wrote: ... Where does the data get put for the client to handle for things ... > not on the client or browser. ... > is stores the cookie). ...
    (microsoft.public.inetserver.asp.general)
  • Re: is the HTTPCONTEXT.current.user content encrypted with session state??
    ... Session state is not sent to the client - only a cookie is sent to the client ... > rights for the current user alone with the roles. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: How to configure IE using Javascript
    ... You cannot modify security settings via javascript. ... you can not modify cookie settings. ... security issues for client and browser should keep safe client side. ...
    (microsoft.public.scripting.jscript)