Cookies question

Joe Fallon

I use forms authentication for my app.
After I log in successfully, each request by the browser contains 2 cookies.
One for the SessionID and one for forms authentication which contains my
ticket.

Can someone please explain where these cookies are stored? I think it is in
memory in the browser but am not sure.

Also, some users have stated that they can do the following:
1. Start a browser, hit the site and log in.
2. Start a 2nd browser.
3. Hit the site.
4. BYPASS the log in page and go directly to the Home page.

They claim they can also close all browser sessions, start a new one and
still Bypass the log in page.

How is this possible?
Why would the 2nd browser session have the cookies noted above?

I assume once the authentication ticket expires in 30 minutes of inactivity
that neither scenario would be possible. They would have to re-log in first.

Thanks for any info on this.

Note: they said they use a link from an Intranet site to open a browser - by
using this it somehow shares the session and cookie. They could not do it by
using separate instances from my desktop.
 
Guest

Hi Joe
The cookies are stored on the client machine and have an expiration time.
Hope this helps :)
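
Added example (not part of the original thread): a small Python check that reads `Set-Cookie` header values and reports whether each cookie is a session cookie (no `Expires` or `Max-Age`, so it lives only for the browser session) or a persistent one (kept until its expiry, so it survives closing the browser). The sample headers are constructed; the cookie names are the ASP.NET defaults and the values are placeholders.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample headers, not captured from the poster's site.
SAMPLE_HEADERS = [
    "ASP.NET_SessionId=PLACEHOLDER; path=/; HttpOnly",
    ".ASPXAUTH=PLACEHOLDER; expires=Wed, 01 Jan 2031 12:30:00 GMT; path=/; HttpOnly",
]


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def classify(header, now):
    """Return (name, kind, expires_at); kind is session, persistent or expired."""
    name, attrs = parse_set_cookie(header)
    expires_at = None
    if "max-age" in attrs:
        # Max-Age takes precedence over Expires when both are present.
        expires_at = now + timedelta(seconds=int(attrs["max-age"]))
    elif "expires" in attrs:
        expires_at = parsedate_to_datetime(attrs["expires"])
        if expires_at.tzinfo is None:
            expires_at = expires_at.replace(tzinfo=timezone.utc)
    if expires_at is None:
        # No lifetime attribute: dropped when the browser session ends.
        return name, "session", None
    if expires_at <= now:
        return name, "expired", expires_at
    # Future expiry: stored by the browser and sent again after a restart.
    return name, "persistent", expires_at


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for header in SAMPLE_HEADERS:
        print(classify(header, now))
```

Run against the real login response, a forms authentication cookie that comes back as `persistent` would still be sent after every browser window is closed, until its expiry passes.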
 
