Re: FormsAuthentication cookie refreshing

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Without altering the forms auth model, it only extends time when a page is
hit, so XMLHTTP is out of the question, unless you are going to write an
elaborate scheme to update the actual client side cookie (which would
probably fail due to security concerns on the client). You could extend
timeout, of course, but there is an issue there.

Question is: Why do you have to contact this other site? Is it possible to
wrap the other sites data in a web service and bind on your original site?
If impossible, you will have to refresh an actual page. iFrame with a BS
page is one possibilty, but a complete reachitecture of the system is
probably in order (system as a whole, both sites).

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************************************************
Think outside of the box!
*************************************************
"Dan" <Dan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:43F164E0-FF6E-4B6A-B60F-BC899E1D5A78@xxxxxxxxxxxxxxxx
Hi,

I am trying to refresh the cookie to make sure the timeout is reset by
simply calling a blank page on my site. I am doing this because I have an
external site hosted in my web that isn't sharing the auth mechanism. I
can
test this easily by simply having a hidden iframe and use a javascript
call
to refresh my sites blank page every time the external site loads a page
and
this does work fine, the cookie is refreshed as expected if half the
expiration time has expired.

My question is about using another way of doing the refresh. I had tried
using an XMLHttpRequest initially as it was a bit neater, but for some
reason
this did not cause the cookie to be reset. I had thought that the forms
auth
module would process the request regardless of how it was generated and
thus
reset the cookie expiration if that was needed, but I guess I don't really
understand how XMLHTTPRequest really works at all! Can anyone help
explain? I
mean does it not send the cookie in the first place or is something else
going on under the covers?

Thanks
Dan



.

Relevant Pages

  • Re: FormsAuthentication cookie refreshing
    ... 'Without altering the forms auth model, it only extends time when a page is ... how is using xmlhttp to hit the aspx page different to using a normal ... at which point the cookie may have expired. ... you will have to refresh an actual page. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: FormsAuthentication cookie refreshing
    ... at which point the cookie may have expired. ... you will have to refresh an actual page. ... I am trying to refresh the cookie to make sure the timeout is reset by ... understand how XMLHTTPRequest really works at all! ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: WWW-Authenticate: How to force password login at every page refresh ?
    ... > How can I force the page to prompt for a password at every refresh? ... Browsers are designed to work like this so people don't need to ... is use this in combination with a cookie. ... password then you know this is the second request, ...
    (comp.lang.php)
  • Re: FormsAuthentication - Changes in .Net Framework 1.1 ?
    ... Set up an auth page in each project and use forms auth on a project by ... What we have found is the cookie name keys the forms auth in a single domain ... the Login-Mechanism an the redirect works fine. ... > Login-Project: ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Problem with cookies
    ... My main problem is that I set cookie's value in Default.aspx, and when I refresh the page or visit another page, I'm unable to retreive cookie's value... ... I think that cookie is only saved between pages refresh instead of having a 'site' cookie... ... When I click on a test button (in a WEb User Control inside the aspx page), cookie value is displayed in Master Page but if I go to another page, no value is displayed... ...
    (microsoft.public.dotnet.framework.aspnet)