is auth cookie still active

A

Alex

hi,

I have implemented forms authentication and it is woking well however I am
experiencing a slightly frustrating problem.
The "Admin" directory of my site is password protected, however if a user
successfully logs in to this section then will see a small menu at the top
of the page on
ANY page they are logged into, even it is outside the "Admin" directory.
Basically if you are an admin you see this menu and if you are not you
don't.
I achieve this with the following code
Dim encTicket As String
Dim ticket As System.Web.Security.FormsAuthenticationTicket
Dim currentUsername
Dim cookie As System.Web.HttpCookie
cookie =
Request.Cookies(System.Web.Security.FormsAuthentication.FormsCookieName)
If cookie Is Nothing Then
'The user is not logged in so do not display the menu
MenuLabel.Visible = False
Else
encTicket = cookie.Value
ticket =
System.Web.Security.FormsAuthentication.Decrypt(encTicket)
currentUsername = ticket.Name
MenuLabel.Visible = True
End If

Now if a user logs in successfully and the has no activity on the client for
a certain period they are logged out and have to log back in again. This
also wors fine.
However if the user has been logged out the above code still thinks that the
user is still logged in. I guess the cookie is still on the client although
it has probabally expired.
My question is what would I have to add to the above code to determine that
the cookie has not expired.

cheers

Alex.
 
J

John Saunders

Alex said:
hi,

I have implemented forms authentication and it is woking well however I am
experiencing a slightly frustrating problem.
The "Admin" directory of my site is password protected, however if a user
successfully logs in to this section then will see a small menu at the top
of the page on
ANY page they are logged into, even it is outside the "Admin" directory.
Basically if you are an admin you see this menu and if you are not you
don't.
I achieve this with the following code
Dim encTicket As String
Dim ticket As System.Web.Security.FormsAuthenticationTicket
Dim currentUsername
Dim cookie As System.Web.HttpCookie
cookie =
Request.Cookies(System.Web.Security.FormsAuthentication.FormsCookieName)
If cookie Is Nothing Then
'The user is not logged in so do not display the menu
MenuLabel.Visible = False
Else
encTicket = cookie.Value
ticket =
System.Web.Security.FormsAuthentication.Decrypt(encTicket)
currentUsername = ticket.Name
MenuLabel.Visible = True
End If

Now if a user logs in successfully and the has no activity on the client for
a certain period they are logged out and have to log back in again. This
also wors fine.
However if the user has been logged out the above code still thinks that the
user is still logged in. I guess the cookie is still on the client although
it has probabally expired.
My question is what would I have to add to the above code to determine that
the cookie has not expired.

Don't play with the cookie for that purpose. Use Request.IsAuthenticated and
User.IsInRole("Admin").
 
A

Alex

Cheers Again John.

I'll take your advice.


John Saunders said:
Don't play with the cookie for that purpose. Use Request.IsAuthenticated and
User.IsInRole("Admin").
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,743
Messages
2,569,478
Members
44,899
Latest member
RodneyMcAu

Latest Threads

Top