FormsAuthentication

Discussion in 'ASP .Net Security' started by Grant Merwitz, Mar 2, 2005.

  1. Hi, I am using forms authentication in an ASP.NET project

    I am setting the Forms authentication cookie by using:
    FormsAuthentication.RedirectFromLoginPage(UserName.Text, false);

    Now when I review my trace on my page, there are two cookies created that
    look identical.
    When I FormsAuthentication.SignOut() they both disappear.

    Any ideas as to why two cookies are created?

    TIA

    P.S. Sorry for the double post, I thought this was more relevant in the
    .security newsgroup
     
    Grant Merwitz, Mar 2, 2005
    #1

  2. I am not sure why they do this. It might be for tighter security and to
    help stop cookie poisoning or some other form of attack on the cookies.
     
    jjardine, Mar 3, 2005
    #2

  3. It should be only one cookie (non persistent) per Forms session.
    Check out if you perhaps did some testing with persist=true parameter of
    RedirectFromLoginPage function and then you might have an old persistent
    cookie from that testing session.

    --
    Hernan de Lahitte
    http://weblogs.asp.net/hernandl
    http://www.lagash.com/english/index.html
     
    Hernan de Lahitte, Mar 3, 2005
    #3
  4. Can't be.

    When I log out, using FormsAuthentication.SignOut();

    both cookies disappear from the cookies collection.
    Then when I sign in again, both reappear.

    This application is set up as a virtual directory. Could that have something
    to do with it?
     
    Grant Merwitz, Mar 3, 2005
    #4
  5. Do you have any code sample of your login page and any other section where
    you may be dealing with Forms Authentication or your Principal object? (cookie
    handling as well)

    --
    Hernan de Lahitte
    http://weblogs.asp.net/hernandl
    http://www.lagash.com/english/index.html
     
    Hernan de Lahitte, Mar 4, 2005
    #5
  6. Excuse the late response

    I actually realised it was only when my application was running as a virtual
    directory.
    When I changed it to be the root directory, the second cookie suddenly
    disappeared.

    Strange
     
    Grant Merwitz, Mar 11, 2005
    #6
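
Added example, not part of the thread and not code from any poster: a small C# check for whether the browser really sends the same cookie name twice. The Cookie request header carries only name=value pairs, with no path or domain, so two same-named cookies stored for different scopes look identical to the server. The class and method names are hypothetical, the sample header is constructed, and in an ASP.NET page the input is assumed to come from Request.Headers["Cookie"].

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class CookieHeaderCheck   // hypothetical helper, not an ASP.NET type
{
    // Splits a raw Cookie request header into (name, value) pairs, keeping duplicates.
    public static List<KeyValuePair<string, string>> Parse(string header)
    {
        var pairs = new List<KeyValuePair<string, string>>();
        foreach (var part in (header ?? "").Split(';'))
        {
            var item = part.Trim();
            if (item.Length == 0) continue;
            int eq = item.IndexOf('=');
            // A pair without '=' is treated as a name with an empty value.
            string name = eq < 0 ? item : item.Substring(0, eq).Trim();
            string value = eq < 0 ? "" : item.Substring(eq + 1).Trim();
            pairs.Add(new KeyValuePair<string, string>(name, value));
        }
        return pairs;
    }

    // Names sent more than once, mapped to whether every copy has the same value.
    public static Dictionary<string, bool> Duplicates(string header)
    {
        return Parse(header)
            .GroupBy(p => p.Key, StringComparer.Ordinal)   // cookie names are case-sensitive
            .Where(g => g.Count() > 1)
            .ToDictionary(g => g.Key,
                          g => g.Select(p => p.Value).Distinct().Count() == 1);
    }

    static void Main()
    {
        // Constructed sample: .ASPXAUTH is the default forms authentication cookie name.
        string header = ".ASPXAUTH=AAAA1111; ASP.NET_SessionId=abc123; .ASPXAUTH=AAAA1111";
        foreach (var d in Duplicates(header))
            Console.WriteLine("{0}: sent more than once, values {1}",
                              d.Key, d.Value ? "identical" : "differ");
    }
}
```

If the raw header contains the name only once, the second entry seen in the page trace was not sent by the browser and has to come from the server-side cookie collections.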