Authentication cookie

Discussion in 'ASP .Net Security' started by Arne Garvander, Sep 25, 2008.

  1. I log in to my favorite site. I get an authentication cookie. I get
    redirected to the default page.
    I leave my site without loggin out. I got to some other website.
    I go back to my favorite site's default page within 20 minutes.
    My authentication cookie is still there and I can go right in!
    My favourite bank site has the same problem.

    --
    Arne Garvander
    (I program VB.Net for fun and C# to get paid. When get paid, I laugh all the
    way to the bank.)
     
    Arne Garvander, Sep 25, 2008
    #1
    1. Advertising

  2. Arne Garvander

    Joe Kaplan Guest

    Why do you believe this is a problem? It sounds like you are seeing the
    expected behavior of a session cookie in a web browser. They are held in
    memory and are sent back to the site that issued them, depending the
    parameters sent in the Set-Cookie header and the browser's security
    settings.

    The reason why many sites have a logout function is to clear the data in
    that cookie so that it does not authenticate the user anymore. If you don't
    execute the request that results in the cookie being changed, it will not be
    changed.

    Joe K.
    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "Arne Garvander" <> wrote in message
    news:...
    >I log in to my favorite site. I get an authentication cookie. I get
    > redirected to the default page.
    > I leave my site without loggin out. I got to some other website.
    > I go back to my favorite site's default page within 20 minutes.
    > My authentication cookie is still there and I can go right in!
    > My favourite bank site has the same problem.
    >
    > --
    > Arne Garvander
    > (I program VB.Net for fun and C# to get paid. When get paid, I laugh all
    > the
    > way to the bank.)
     
    Joe Kaplan, Sep 25, 2008
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ben
    Replies:
    3
    Views:
    5,863
    Steven Cheng[MSFT]
    Jun 3, 2004
  2. Shapper

    Cookie and Session Cookie Questions.

    Shapper, Apr 27, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    578
  3. Joseph

    authentication cookie vs session cookie

    Joseph, Aug 8, 2003, in forum: ASP .Net Security
    Replies:
    4
    Views:
    394
    Yan-Hong Huang[MSFT]
    Aug 12, 2003
  4. rgouge

    Forms Authentication and Authentication Cookie

    rgouge, Jun 20, 2005, in forum: ASP .Net Security
    Replies:
    3
    Views:
    235
    Dominick Baier [DevelopMentor]
    Jun 20, 2005
  5. Eric
    Replies:
    2
    Views:
    560
Loading...

Share This Page