Re: persistant cookie, what is it?
- From: "Edwin Knoppert" <info@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 30 Jan 2006 23:20:42 +0100
I'll look into that tomorrow.
I had a heavy discussion last week that colleagues of mine are misusing
session variables.
I don't want, if the session expires, the user get's bothered to log in
again.
I know, authentication is NOT session related, but my colleagues are
misusing the session object to store a user id into.
I have hard time to talk them into better use.
If the session expires and your o so precious variable got lost, make sure
you reload it and let the client continue with it's request.
But.. i got warned that they don't want to keep authentication 'open' for a
long period of time.
I used to set a month ahead and the auto-expire-increase stuff (forgot) so
the user was never bothered with a login again.
But now they want to use a time-out and force a login.
So i tested it today how it behavious.
Fine by me, important to me is that they should understand the session stuff
first.
Am i right on this?
"Kevin Spencer" <kevin@xxxxxxxxxxxxxxxxxxxxxxxxxx> schreef in bericht
news:%23%23$LofcJGHA.3064@xxxxxxxxxxxxxxxxxxxxxxx
> Why don't you use Session State? It behaves exactly the same (except for
> timing out), and in fact, when it uses cookies, it uses a non-persistent
> ("session") cookie to identify the client.
>
> More information: All you need to do to not persist a cookie is not to set
> the Expiration property. This creates a session cookie on the client,
> which is not stored in the file system, but in browser memory. The
> difference between using a session cookie on the client,and using Session
> State, is that Session State times out. The client session cookie will
> remain on the client until the domain is navigated away from, or the
> browser is closed.
>
> --
> HTH,
>
> Kevin Spencer
> Microsoft MVP
> .Net Developer
> Who is Mighty Abbott?
> A twin turret scalawag.
>
> "Edwin Knoppert" <news@xxxxxxxxxxxxxx> wrote in message
> news:43de087e$0$12833$ba620dc5@xxxxxxxxxxxxxxxxxxxxxx
>>I have checked, my options guides me to the folder: .....Local
>>Settings\Temporary Internet Files
>> I cleaned most of it, cookies do not show a name i used for test: <forms
>> name="AuthCookie_logintest1" ...
>> I assume the cookie *filename* contains the forms name somehow?
>>
>> Yes, i'm using roles, it all works out fine, i checked with isinrole() on
>> a 2nd webpage.
>> To authenicate i'm using:
>>
>> Dim authTicket As FormsAuthenticationTicket = New
>> FormsAuthenticationTicket(1, sUserName, DateTime.Now, Expiration,
>> bIsPersistant, sRoles)
>> Where bIsPersistant is false (checked).
>>
>> I even terminated the local webserver, the one executed by VWD.
>>
>> But since i do not persist, i don't think there is a filename right?
>>
>>
>> "Patrice" <a@xxxx> schreef in bericht
>> news:OUd1BWZJGHA.3408@xxxxxxxxxxxxxxxxxxxxxxx
>>> You can see the cookies for the site in the browser options to make sure
>>> this is not another problem (for example an non protected page)..
>>>
>>> --
>>> Patrice
>>>
>>> "Edwin Knoppert" <news@xxxxxxxxxxxxxx> a écrit dans le message de
>>> news:43ddf678$0$12843$ba620dc5@xxxxxxxxxxxxxxxxxxxxxx
>>>> tested again, indeed, even while i have persistance set to false, on
>>> browser
>>>> restart it never passes the login page.
>>>>
>>>>
>>>> "Edwin Knoppert" <news@xxxxxxxxxxxxxx> schreef in bericht
>>>> news:43ddf3fb$0$12849$ba620dc5@xxxxxxxxxxxxxxxxxxxxxx
>>>> > Well it does..
>>>> >
>>>> > And indeed i mean run, close the browser, and run again.
>>>> > But then this was all tested in the VWD environment.
>>>> >
>>>> > What you are telling me is what i expected.
>>>> > In our case we might choose for non-persistance.
>>>> >
>>>> >
>>>> > "Patrice" <a@xxxx> schreef in bericht
>>>> > news:OC1VTrYJGHA.1728@xxxxxxxxxxxxxxxxxxxxxxx
>>>> >> What do you mean by "close" ? A non persistant cookie shouldn't
>>>> >> survive
>>>> >> when
>>>> >> the browser is closed and launched again (unlike a persistant
>>> cookie)...
>>>> >>
>>>> >> --
>>>> >>
>>>> >> Patrice
>>>> >>
>>>> >> "Edwin Knoppert" <news@xxxxxxxxxxxxxx> a écrit dans le message de
>>>> >> news:43ddeb0e$0$12848$ba620dc5@xxxxxxxxxxxxxxxxxxxxxx
>>>> >>> I have searched but info is limitted.
>>>> >>>
>>>> >>> In my test app i used a non persistant cookie for forms
>>> authentication.
>>>> >>> slidingExpiration is set to true
>>>> >>>
>>>> >>> On run and close and rerun the login remains ok.
>>>> >>>
>>>> >>> I have a time-out of one minute and indeed, it directs me to the
>>>> >>> login
>>>> >>> if
>>>> >> i
>>>> >>> wait to long.
>>>> >>> The slidingExpiration does it's work also.
>>>> >>>
>>>> >>> So were is this persistance for?
>>>> >>>
>>>> >>> Thanks,
>>>> >>>
>>>> >>>
>>>> >>>
>>>> >>
>>>> >>
>>>> >
>>>> >
>>>>
>>>>
>>>
>>>
>>
>>
>
>
.
- Follow-Ups:
- Re: persistant cookie, what is it?
- From: Kevin Spencer
- Re: persistant cookie, what is it?
- References:
- persistant cookie, what is it?
- From: Edwin Knoppert
- Re: persistant cookie, what is it?
- From: Patrice
- Re: persistant cookie, what is it?
- From: Edwin Knoppert
- Re: persistant cookie, what is it?
- From: Edwin Knoppert
- Re: persistant cookie, what is it?
- From: Patrice
- Re: persistant cookie, what is it?
- From: Edwin Knoppert
- Re: persistant cookie, what is it?
- From: Kevin Spencer
- persistant cookie, what is it?
- Prev by Date: Re: Original Bin Path?
- Next by Date: Re: CreateUserWizard - how clean up data before accepted?
- Previous by thread: Re: persistant cookie, what is it?
- Next by thread: Re: persistant cookie, what is it?
- Index(es):
Relevant Pages
|
