forms authentication cookie changes

Discussion in 'ASP .Net Security' started by Andy Fish, Jul 21, 2005.

  1. Andy Fish


    Hi all,

    For reasons I would rather not go into, I sometimes need to get the value of
    the forms authentication cookie and use it later when submitting another
    request to the server.

    Mostly this works fine but sometimes it seems that the server decides to
    change the forms authentication cookie (in contrast to the session cookie
    which stays the same the whole time the session is in existence).

    Note that this is not happening because the authentication timeout has
    expired. I am still logged on as the same user and have the same session;
    it's just that the cookie value has changed.

    Can anyone explain why and how this happens, and if there is any way I can
    control (or disable) this behaviour?

    TIA

    Andy
     
    Andy Fish, Jul 21, 2005
    #1

  2. Hello Andy,

    FormsAuth issues a new cookie after timeout/2. That's the behaviour when
    you have sliding expiration enabled.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hi all,
    >
    > For reasons I would rather not go into, I sometimes need to get the
    > value of the forms authentication cookie and use it later when
    > submitting another request to the server.
    >
    > Mostly this works fine but sometimes it seems that the server decides
    > to change the forms authentication cookie (in contrast to the session
    > cookie which stays the same the whole time the session is in
    > existence).
    >
    > Note that this is not happening because the authentication timeout has
    > expired. I am still logged on as the same user and have the same
    > session; it's just that the cookie value has changed.
    >
    > Can anyone explain why and how this happens, and if there is any way I
    > can control (or disable) this behaviour?
    >
    > TIA
    >
    > Andy
    >
     
    Dominick Baier [DevelopMentor], Jul 21, 2005
    #2

  3. Andy Fish


    Thanks Dominick.

    I knew it re-sent the cookie after half the timeout but I didn't realise it
    would generate a new one.

    "Dominick Baier [DevelopMentor]" <>
    wrote in message news:...
    > Hello Andy,
    >
    > FormsAuth issues a new cookie after timeout/2. That's the behaviour when
    > you have sliding expiration enabled.
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    >> Hi all,
    >>
    >> For reasons I would rather not go into, I sometimes need to get the
    >> value of the forms authentication cookie and use it later when
    >> submitting another request to the server.
    >>
    >> Mostly this works fine but sometimes it seems that the server decides
    >> to change the forms authentication cookie (in contrast to the session
    >> cookie which stays the same the whole time the session is in
    >> existence).
    >>
    >> Note that this is not happening because the authentication timeout has
    >> expired. I am still logged on as the same user and have the same
    >> session; it's just that the cookie value has changed.
    >>
    >> Can anyone explain why and how this happens, and if there is any way I
    >> can control (or disable) this behaviour?
    >>
    >> TIA
    >>
    >> Andy
    >>

     
    Andy Fish, Jul 22, 2005
    #3
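
The timeout/2 rule from reply #2, shown as an added example that is not code from any poster in this thread. It calls the framework's `FormsAuthentication.RenewTicketIfOld` on constructed tickets of different ages. Assumptions: a .NET Framework console project that references System.Web.dll, a hypothetical user name, and a 30-minute timeout.

```csharp
using System;
using System.Web.Security;

static class SlidingExpirationDemo
{
    // Constructed ticket for a hypothetical user, issued `age` ago with a
    // total lifetime of `timeout`. The cookie path is passed explicitly.
    static FormsAuthenticationTicket MakeTicket(TimeSpan age, TimeSpan timeout)
    {
        DateTime issued = DateTime.Now - age;
        return new FormsAuthenticationTicket(
            2, "demo-user", issued, issued + timeout, false, "", "/");
    }

    static void Main()
    {
        TimeSpan timeout = TimeSpan.FromMinutes(30);   // constructed value

        foreach (int minutes in new[] { 5, 14, 16, 29 })
        {
            FormsAuthenticationTicket old =
                MakeTicket(TimeSpan.FromMinutes(minutes), timeout);

            // Returns the same instance while less than half the lifetime
            // has elapsed; otherwise a new ticket with a fresh IssueDate and
            // Expiration, which encrypts to a different cookie value.
            FormsAuthenticationTicket current =
                FormsAuthentication.RenewTicketIfOld(old);

            bool reissued = !ReferenceEquals(old, current);
            Console.WriteLine(
                "age {0,2} min: reissued={1}, expires {2:HH:mm:ss} -> {3:HH:mm:ss}",
                minutes, reissued, old.Expiration, current.Expiration);
        }
    }
}
```

With `slidingExpiration="false"` on the `<forms>` element in web.config this renewal is skipped, so the cookie value stays fixed until the ticket's original expiration.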