Duplicate cookies in ASP.NET

C

Chris...

I have an application that works just fine under normal conditions.
But... When I run it through a "SSL Consentrator" (From Array
Network), it starts to send me several (Request) cookies with the same
name after the application has performed a "SignOut" - One with a
"correct value" and one more that is blank. If I try to use/handle the
"correct cookie" (Looping through the cookies), the application does
not work properly, and if i try to sign out once more - I end up with
3 simular cookies -It generates one more empty cookie for each time I
perform a "SignOut". The only solution that works, is if the user
closes the browser, and open a new one.

I am wondering if it is the box from Array that does not handle
cookies correctly, but...

Has anyone seen anything simular?


Chris...
 
G

George Ter-Saakov

I am not familiar with "SSL Consentrator"
How do you perform SignOut?

As i recall this result can be from incorrect attempt to erase cookies.
To erase cookies set expiration days to negative number.

If you set the value to empty then it will be acting like you described.

George.
 
C

Chris...

Hi George,

A "SSL Consentrator" is a hardware "SSL consentrator" that works like
a "channel" for internal/intranett webapplications. It is typically
used in combination with a firewall. It has enabled
Radius-authentication, and will ensure that all traffic is
SSL-Encrypted - even if it is not internally (Eg: The Intranett site).
This is a more secure way to access internal resources than the normal
"VPN-Tunnel" that will normally give you "too much", and potentially
the external desktop has viruses that will spread to the internal
network. Metaframe (Citrix) also has a webbased module that can be
used as an "Active-X Control", so you are able to work with
applications that are not webbased... in a web browser... SSL
Encrypted....

I use "FormsAuthentication.SignOut();". I'll go through my code and
verify that the cookie-handling does set an expiration to an negative
number.

The strange part is that it works when I do not use the SSL-Encryptor
in between... So the cookie-handling normally works...

It might be that IE does a more intelligent handling of cookies than
the SSL-Consentrator (The client has an session with the consentrator,
and the consentrator has its own session toward my application...)

Chris...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

cookies in asp.net 2
Cookies 1
how asp.net set cookies? (http level) 1
Me.Context.Request.Cookies value doesn't match what's in cookies file 1
Reading cookies in both ASP and ASP.NET pages 3
Issue with passing fetched data to POST form. How can I? 0
'securing' cookies/login info 5
How to keep cookies when making http requests (Python 2.7) 8

Members online

Total: 23 (members: 4, guests: 19)
Robots: 312

Forum statistics

Threads
473,755
Messages
2,569,535
Members
45,007
Latest member
obedient dusk

Latest Threads

Top