forms auth - session timeout - multi domains - POST values

Discussion in 'ASP .Net Security' started by Larry Foulkrod, Apr 12, 2005.

  1. I have several questions.

    1) Does forms authentication store and re-send data intended for the
    secured page via a post request during its redirection to the login page?

    For example, I am a authenticated user filling out a form. I leave my
    computer for a bit and my session times out. I come back and submit the
    form. How is this handled within the forms authentication model?

    2) I have multiple domain names. I persist cookies in the browser once for
    each domain. The user authenticates on www.thisdomain.com but then requests
    a resource on www.thatdomain.com. Will I be able to access the users
    authentication status?
    Larry Foulkrod, Apr 12, 2005
    #1
    1. Advertising

  2. Larry Foulkrod

    Brock Allen Guest

    > For example, I am a authenticated user filling out a form. I leave my
    > computer for a bit and my session times out. I come back and submit
    > the form. How is this handled within the forms authentication model?


    Forms Authentication uses a different cookie than Session, so they are tracked
    independantly. In the scenario you describe, the Session will be gone but
    they will have logged in (barring assumptions in your code about the presence
    of Session that prevents this).

    > 2) I have multiple domain names. I persist cookies in the browser
    > once for each domain. The user authenticates on www.thisdomain.com
    > but then requests a resource on www.thatdomain.com. Will I be able to
    > access the users authentication status?


    Cookies are scoped to the domain, so an ASP.NET authentication cookie issued
    by one won't be visible by another. They'll have to somehow authenticate
    on the second domain to have that cookie issued.

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen
    Brock Allen, Apr 12, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. george d lake

    Forms Auth cross multiple sub domains

    george d lake, Nov 11, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    1,413
  2. =?Utf-8?B?Q2hyaXMgTW9oYW4=?=

    Configuring Windows Auth & Forms Auth in Asp.Net

    =?Utf-8?B?Q2hyaXMgTW9oYW4=?=, Apr 28, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    672
    =?Utf-8?B?Q2hyaXMgTW9oYW4=?=
    Apr 28, 2004
  3. =?Utf-8?B?ZGhucml2ZXJzaWRl?=

    Windows Auth, but Forms Auth for one page?

    =?Utf-8?B?ZGhucml2ZXJzaWRl?=, Jan 8, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    519
    Elton Wang
    Jan 8, 2005
  4. Chris Mohan

    Configuring Windows Auth & Forms Auth in Asp.Net

    Chris Mohan, Apr 28, 2004, in forum: ASP .Net Security
    Replies:
    2
    Views:
    382
    Chris Mohan
    Apr 29, 2004
  5. Forms Auth Info passed to Windows Auth?

    , Apr 28, 2005, in forum: ASP .Net Security
    Replies:
    1
    Views:
    193
    Hernan de Lahitte
    May 3, 2005
Loading...

Share This Page