FormsAuth and Sessions Troubles...

Discussion in 'ASP .Net Security' started by Jeff, Aug 20, 2003.

  1. Jeff

    Jeff Guest

    I'm having some trouble implementing Forms Authentication and using
    Session variables...
    If i just turn on Forms Auth and don't set up any roles (Don't setup a
    GenericPrincipal, and dont assign the Context.User) everything works
    fine. I can keep my Auth Cookie, and Session timed in sync and i have
    no issues.
    NOW however as soon as i set a GenericPrincipal for my user and assign
    Context.User to that principal everything goes to heck. It acts as
    though my Auth Ticket doesn't expire... So what i get after i wait
    20min (session timeout)is my session is dead, however in my
    Application_AuthenticateRequest event, the auth cookie (that should've
    expired) is available and i assign the principal... i don't get
    redirected to my login page. Now when my pages load they try to access
    a session variable, but Ooops, not there and i blow up.

    In my AuthenticateRequest Event, i have :

    Dim ticket As System.Web.Security.FormsAuthenticationTicket
    Dim roles As String()
    Dim formsID As FormsIdentity
    Dim principal As GenericPrincipal

    cook = Request.Cookies(System.Web.Security.FormsAuthentication.FormsCookieName)
    If Not cook Is Nothing Then

    ticket =
    System.Web.Security.FormsAuthentication.Decrypt(cook.Value)

    roles = ticket.UserData.Split(roleDelimiter)

    formsID = New FormsIdentity(ticket)
    principal = New GenericPrincipal(formsID, roles)

    Context.User = principal
    end if

    --- Now if i comment out the "Context.User = principal" line it works
    as i'd expect...


    thanks for any help

    jeffpriz
     
    Jeff, Aug 20, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?QWxleCBNYWdoZW4=?=

    Two Different FormsAuth Logins for Same Application

    =?Utf-8?B?QWxleCBNYWdoZW4=?=, Sep 10, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    373
    Walter Wang [MSFT]
    Sep 11, 2006
  2. George Durzi

    FormsAuth Ticket Keeps Expiring

    George Durzi, Sep 18, 2003, in forum: ASP .Net Security
    Replies:
    0
    Views:
    134
    George Durzi
    Sep 18, 2003
  3. George Durzi

    Stumped on FormsAuth Cookie Timing Out

    George Durzi, Sep 19, 2003, in forum: ASP .Net Security
    Replies:
    2
    Views:
    193
    George Durzi
    Sep 25, 2003
  4. Brad
    Replies:
    3
    Views:
    174
    Jacob Yang [MSFT]
    Sep 26, 2003
  5. .NET Follower
    Replies:
    0
    Views:
    134
    .NET Follower
    Feb 9, 2004
Loading...

Share This Page