Form Validation/SessionID changes

J

Jeff White

Hi All,
I've got an Asp.Net application, I've set the loginurl to "login.aspx"
and my validation is working fine. However, after I log in and navigate to
"default.aspx" (or whatever page) my session is being reset.

I create and set some session variables during my login procedure and these
are all getting reset. Also, once I try to navigate to any other page
besides the original page, I am prompted to log in again (This second login
does NOT reset my session.)

I was originally under the impression that it would only happen when
navigating to sub-directories, but this is not the case, I've moved
everything into the root.

I have the basics set up in my web.config:
<authentication mode="Forms">
<forms loginUrl="login.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>

Any help would be greatly appreciated!
 
M

[MSFT]

Hi Jeff,

By default, these behavious won't occur with a Form authentication. Would
you please post the code for the login procedure? Additionally, did you
change the Session object's property any where, for example, mode or
cookieless?

Luke
 
J

Jeff White

Hi Luke,
Here is my login procedure (and accompanying code) I have removed some
of my database code for this forum, if you need to see, please let me know.

I have all session settings at default, and only set any session variables
in the code below.


<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>

Thanks for your help!

CODE BEGINS HERE
----------------------------------------------------------------------------
-----------------------------------------------
Private Sub butLogin_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles butLogin.Click
Me.pnlPassword.Visible = False
Me.litMessage.Text = "<FONT COLOR='BLUE'>Validating
Credentials</FONT>"
Me.litMessage.Visible = True
If ValidateLogin() Then
BuildSessionVariables()
Me.litMessage.Text = "<FONT COLOR='GREEN'>WELCOME!</FONT>"

FormsAuthentication.SetAuthCookie(UserID.Text, False, "/*")
FormsAuthentication.RedirectFromLoginPage(UserID.Text, False)
Else
Me.pnlPassword.Visible = True
Me.litMessage.Text = "<FONT COLOR='RED'>Error logging in, invalid
credentials</FONT>"
End If
End Sub


Private Function ValidateLogin() As Boolean
Try
[DATABASE VALIDATION CODE]
UserRow = sTblValidate.Rows(0)
myUser = New MySiteUser
UserRow = sTblValidate.Rows(0)

If sTblValidate.Rows.Count > 0 Then
With UserRow
myUser.UserUID = IIf(.IsNull("user_id"), "",
..Item("user_id"))
[ADDITIONAL PROPERTY SETTINGS]
End With
Session.Item("myUser") = myUser
Return True
Else
Return False
End If

Catch ex As Exception
Me.litMessage.Text = "Error: " & ex.Message
End Try

End Function


Private Sub BuildSessionVariables()
Session.Item("MenuXML") = BuildMenu()
End Sub

Private Function BuildMenu() As String
Dim strTempMenu As String
Try
strTempMenu = "<Menu CssFile='" & Session.Item("webaddress") & _
"/Menu/menu.css' ImagesBaseDir='" &
Session.Item("webaddress") & "/Menu/images/'>"
strTempMenu += "<Group>"


strTempMenu += _
" <Item Label='Logged in as (" & myUser.Called.ToString & ")
'>" _
+ " <Group><Item Label='Log out' Href='" &
Session.Item("webaddress") _
+ "/Identification/logout.aspx'/></Group></Item>" _
+ " <Item Label='Lists'>" _
+ " <Group>" _
+ " <Item Label='My List' Href='" &
Session.Item("webaddress") _
+ "/mylist.aspx?userid=" &
myCrypt.EncryptString(myUser.UserUID) & "'/>" _
+ " </Group>" _
+ " </Item>"

strTempMenu += _
" <Item Label='Actions'>" _
+ " <Group>" _
+ " <Item Label='Return To Front page' Href='" &
Session.Item("webaddress") & "'/>" _
+ " <Item Label='Add To My List'/>" _
+ " <Item Label='Suggest A Gift'/>" _
+ " <Item Label='See my shopping list'/>" _
+ " <Item Label='Give Feedback'/>" _
+ " <Item Label='View/Edit My Profile' Href='" &
Session.Item("webaddress") & "/Identification/Profile.aspx'/>" _
+ " </Group>" _
+ " </Item>"

strTempMenu += "</Group></Menu>"
Catch ex As Exception
strTempMenu = "<Menu><Group><Item Label='" & ex.Message &
"'/></Group></Menu>"
Finally
End Try
Return strTempMenu
End Function
 
M

[MSFT]

Hi Jeff,

I have studied the code and all of them seems be fine, except that:

FormsAuthentication.SetAuthCookie(UserID.Text, False, "/*")

Normally, we don't need to do this in code. You may remove this line ans
test again to see if this will help.

And here is a good sample for form authentication:

How To Implement Forms-Based Authentication in Your ASP.NET Application by
Using C# .NET
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q301240

Luke
 
J

Jeff White

Hi Luke,
Thanks for your replies, they confirmed that my code was mostly right. I
did find a bug in my code where I set my "webaddress" session variable. I
was using a slightly different domain name, which was causing a new session
to be created. I read a posting earlier about a similar issue and didn't
realize I had commited the same error.

Thanks again!
Jeff
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

anonymous access for one page 2
Login Control Security HELP 1
location path not functioning within web.config -- no images/css 0
winform security: strange error, where as I expected a redirect 2
how to force to login.aspx first? 3
Single sign on across domain 3
Crazy Logouts 0
Forms authentication 4

Members online

No members online now.
Total: 29 (members: 0, guests: 29)
Robots: 429

Forum statistics

Threads
473,768
Messages
2,569,574
Members
45,048
Latest member
verona

Latest Threads

Top