J
Jeff
I'm having some trouble implementing Forms Authentication and using
Session variables...
If i just turn on Forms Auth and don't set up any roles (Don't setup a
GenericPrincipal, and dont assign the Context.User) everything works
fine. I can keep my Auth Cookie, and Session timed in sync and i have
no issues.
NOW however as soon as i set a GenericPrincipal for my user and assign
Context.User to that principal everything goes to heck. It acts as
though my Auth Ticket doesn't expire... So what i get after i wait
20min (session timeout)is my session is dead, however in my
Application_AuthenticateRequest event, the auth cookie (that should've
expired) is available and i assign the principal... i don't get
redirected to my login page. Now when my pages load they try to access
a session variable, but Ooops, not there and i blow up.
In my AuthenticateRequest Event, i have :
Dim ticket As System.Web.Security.FormsAuthenticationTicket
Dim roles As String()
Dim formsID As FormsIdentity
Dim principal As GenericPrincipal
cook = Request.Cookies(System.Web.Security.FormsAuthentication.FormsCookieName)
If Not cook Is Nothing Then
ticket =
System.Web.Security.FormsAuthentication.Decrypt(cook.Value)
roles = ticket.UserData.Split(roleDelimiter)
formsID = New FormsIdentity(ticket)
principal = New GenericPrincipal(formsID, roles)
Context.User = principal
end if
--- Now if i comment out the "Context.User = principal" line it works
as i'd expect...
thanks for any help
jeffpriz
Session variables...
If i just turn on Forms Auth and don't set up any roles (Don't setup a
GenericPrincipal, and dont assign the Context.User) everything works
fine. I can keep my Auth Cookie, and Session timed in sync and i have
no issues.
NOW however as soon as i set a GenericPrincipal for my user and assign
Context.User to that principal everything goes to heck. It acts as
though my Auth Ticket doesn't expire... So what i get after i wait
20min (session timeout)is my session is dead, however in my
Application_AuthenticateRequest event, the auth cookie (that should've
expired) is available and i assign the principal... i don't get
redirected to my login page. Now when my pages load they try to access
a session variable, but Ooops, not there and i blow up.
In my AuthenticateRequest Event, i have :
Dim ticket As System.Web.Security.FormsAuthenticationTicket
Dim roles As String()
Dim formsID As FormsIdentity
Dim principal As GenericPrincipal
cook = Request.Cookies(System.Web.Security.FormsAuthentication.FormsCookieName)
If Not cook Is Nothing Then
ticket =
System.Web.Security.FormsAuthentication.Decrypt(cook.Value)
roles = ticket.UserData.Split(roleDelimiter)
formsID = New FormsIdentity(ticket)
principal = New GenericPrincipal(formsID, roles)
Context.User = principal
end if
--- Now if i comment out the "Context.User = principal" line it works
as i'd expect...
thanks for any help
jeffpriz