Forms Authentication without a Cookie?

[Harry Whitehouse]

I've got a fairly simple forms authentication project (a login page and a
single secure page), but a number of users (~25%) can't seem to get past the
login.aspx step. I theorized that this might have to do with their
browser's cookie setting.

I had been using cookies to store session state and logon parameters (user
option), but I completely eliminated them using the SQLServer session
management approach. But now, with my test browser set on "prompt" for
cookies, I still get a message that my login page is trying to set a cookie.

I gather it's from this statement:

FormsAuthentication.RedirectFromLoginPage(UserSerialNo.Text,
false);

If I accept the cookie, I move on to the secure page. If I don't, I end up
staying on the login.aspx page. I think that's what might be happening with
some of the users who attempt to access this page (even though most say
their browsers accept cookies).

Any thoughts here? Is there any way to have an authentication scheme
without cookies? Might something else be throwing my users?

TIA

Harry

 

[Steve C. Orr, MCSD]

In your web.config file, in your sessionState tag, set the attribute
cookieless="true"

 

[Harry Whitehouse]

Steve -- Thanks for replying!

I had set that parameter, but had that one last cookie write attempt
nonetheless!

Harry

 

[Harry Whitehouse]

Ken -- Thanks for this. I had not seen this article!

Harry

 

[Harry Whitehouse]

John -- Good suggestion! I'll give that a try!

Harry

 

[Steve C. Orr, MCSD]

Yes, it will still try to use cookies even if you have this setting.
But the cookie is not required for the authentication to work. So if the
cookie is not successfully written then it should still work.