Re: newbie question on forms auth with custom data

hi keith,
i was thinking you could set the cookie expiration to your session timeout value, to maintain consistency. you could add code to your logout routine to remove the cookie. it isn't "integrated" like the approach in the docs, but if that way was causing neural overload then it would be an option at least.
tim


"Keith" <kstay1@xxxxxxxxxxxx> wrote in message news:1170032696.728857.209580@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Tim,
Thanks for the reply. This custom data is valid only for the "logged
in user", and so it must expire when the ticket does - so I was
thinking they needed to be together. Does that make sense or am I
just not getting it?

On Jan 27, 6:50 pm, "Tim Mackey" <tim.mac...@xxxxxxxxxxxxxxxx> wrote:
hi keith,
sounds like a simple cookie may be the easiest option?
obviously it isn't integrated with the sign-in process, but it may solve the
problem.

tim

"Keith" <kst...@xxxxxxxxxxxx> wrote in messagenews:1169829337.892490.236530@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



>I have a simple app that uses "simple"formsauthand works quite
> nicely. Now all I want to add is the ability to store a handful of
> custom data in theauthticket and am very confused about how to do so.
> I tried sticking it in a session variable (I come from old asp) but of
> course the session and tickets don't expire at the same time...argh.

> I am authenticating the user against my a mySQL database using:
> ---
> FormsAuthentication.SetAuthCookie(txtUserName.Text, True)
> and
> FormsAuthentication.SignOut()
> ---
> It works great, but the docs I have read talk about using global.asax
> and the prinicpal and encrypt/decrypting cookies and my head starts to
> get fuzzy.

> Can someone supply some sample code to store (and then retrieve) some
> custom data from theauthticket?- Hide quoted text -- Show quoted text -


.

Relevant Pages

  • Re: [PHP] module and access rights
    ... > so you store in your cookie the username and the check string. ... How, exactly, is that any more secure than a standard session identifier? ... >> because i can store in DB the sessionID, and check it to every DB ...
    (php.general)
  • Re: How to do forms authentication with cookieless=UseUri?
    ... forms authentication create a login ticket and stores it in a cookie or the ... session also creates a session ticket and stores it in a cookie or the ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: [PHP] module and access rights
    ... but i would be very glad to know how can i REALLY authenticate the user. ... for example, user is logged, so i have in the cookie his login name. ... >> regarding how to store user login and password. ... > in the session - that's as secure as it's gonna get. ...
    (php.general)
  • Re: [PHP] module and access rights
    ... so you store in your cookie the username and the check string. ... for example, user is logged, so i have in the cookie his login name. ... >>> i will use those stored data to check if logged user can have access ... >> in the session - that's as secure as it's gonna get. ...
    (php.general)
  • Re: pls help w/cookies.......
    ... >but how do you do it when you have a form w/lots of info user has to ... You store the information somewhere on the server side, ... use the cookie to retrieve the stored information when needed. ... So, if the session attributes can do the thing for you, the servlet engine ...
    (comp.lang.java.help)
Loading