FormsAuthentication cookie refreshing

[Guest]

Hi,

I am trying to refresh the cookie to make sure the timeout is reset by
simply calling a blank page on my site. I am doing this because I have an
external site hosted in my web that isn't sharing the auth mechanism. I can
test this easily by simply having a hidden iframe and use a javascript call
to refresh my sites blank page every time the external site loads a page and
this does work fine, the cookie is refreshed as expected if half the
expiration time has expired.

My question is about using another way of doing the refresh. I had tried
using an XMLHttpRequest initially as it was a bit neater, but for some reason
this did not cause the cookie to be reset. I had thought that the forms auth
module would process the request regardless of how it was generated and thus
reset the cookie expiration if that was needed, but I guess I don't really
understand how XMLHTTPRequest really works at all! Can anyone help explain? I
mean does it not send the cookie in the first place or is something else
going on under the covers?

Thanks
Dan

 

[Cowboy \(Gregory A. Beamer\)]

Without altering the forms auth model, it only extends time when a page is
hit, so XMLHTTP is out of the question, unless you are going to write an
elaborate scheme to update the actual client side cookie (which would
probably fail due to security concerns on the client). You could extend
timeout, of course, but there is an issue there.

Question is: Why do you have to contact this other site? Is it possible to
wrap the other sites data in a web service and bind on your original site?
If impossible, you will have to refresh an actual page. iFrame with a BS
page is one possibilty, but a complete reachitecture of the system is
probably in order (system as a whole, both sites).

 

[Guest]

thanks for the quick reply!

i need to contact this other site as it is a self contained application like
many of the sites that are connected to from our portal. it needs to appear
seamless to the user though i.e. as though it is all one app, hence the need
to keep the session alive for all hosted sites (all the others are in our
control so no probs there). the nature of the site is that a user may well
spend quite a reasonable amount of time doing stuff there and then need to
use another site, at which point the cookie may have expired.

what is a 'BS' page?

re-architecture is prob not an option as the other site does not belong
directly to us, although it must participate within our business process, but
out of interest, what other options would you have suggested if you had full
control?

cheers
dan

 

[Guest]

one other question, sorry!

'Without altering the forms auth model, it only extends time when a page is
hit, so XMLHTTP is out of the question'

how is using xmlhttp to hit the aspx page different to using a normal
browser request i.e. in this case via iframe? wouldn't both calls appear the
same to the forms auth module?

cheers
dan