ASP.NET 2.0 RTM breaks FormsAuthentication.SetAuthCookie cookie

B

Bill Henning

Another developer and I have noticed that after upgrading to the ASP.NET 2.0
RTM release, when using:
FormsAuthentication.SetAuthCookie(userName, true)

That the cookie is no longer persisted, even though the flag is set to true
in my call. This only started happening after upgrading from Beta 2 to RTM.
Has anyone else seen this or does anyone else have a workaround?

Thanks,
Bill
 
S

sa.cesare

That's a known bug,search weblogs.asp.net for info.It create 20min
cookie instead.

Reagards.
 
B

Bill Henning

Could you provide a link for me? I searched bug couldn't find anything on
the topic. I might be searching in the wrong place. Thanks!

Bill
 
B

bob

That's a known bug,search weblogs.asp.net for info.It create 20min
cookie instead.

Does anybody know a work-around for this problem? It is killing me.

RHJ4
 
S

sa.cesare

Use GetAuthCookie() cookie youself and make it persistent;-)and don't
forget to add it to cookies collection.

Reagards.
 
K

King Adrock

Heres the official bug description -
http://lab.msdn.microsoft.com/produ...edbackid=3d3568a8-1000-430e-a3b8-40596bc7197d

Full code for workaround -
http://lab.msdn.microsoft.com/productfeedback/ViewWorkaround.aspx?FeedbackID=FDBK31991#1

protected void Login1_LoggedIn(object sender, EventArgs e)
{
if ((sender as Login).RememberMeSet)
{
FormsAuthenticationTicket ticket =
new FormsAuthenticationTicket(
2,
(sender as Login).UserName,
DateTime.Now,
DateTime.Now.AddYears(50),
true,
"",
FormsAuthentication.FormsCookiePath);
string ticketEncrypted = FormsAuthentication.Encrypt(ticket);

HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
ticketEncrypted);
cookie.HttpOnly = true;
cookie.Path = FormsAuthentication.FormsCookiePath;
cookie.Secure = FormsAuthentication.RequireSSL;
cookie.Expires = ticket.Expiration;

Response.Cookies.Clear();
Response.Cookies.Add(cookie);
}
}


Not happy, this is one of a few things going wrong with RTM on my list
 
B

Bill Henning

I'm confused... in that, Microsoft said it happened in Beta 2 as well but
everything worked fine in Beta 2. Do they still consider this a bug that
will be fixed? It really sucks not having this capability any more. What a
bad user experience it causes for my customers.
 
E

Erik Funkenbusch


Actually, the workaround is simply to use a large timeout value in your
web.config. No need for this code at all.

This is just a new default for the persistent session, that's all. You can
override it without any new code.

<system.web>
<authentication mode="Forms">
<forms timeout="{some big number in minutes}"/>
</authentication>
</system.web>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,479
Members
44,900
Latest member
Nell636132

Latest Threads

Top