trouble w/ Forms Auth and domain cookies

Discussion in 'ASP .Net Security' started by jeffpriz@yahoo.com, Jul 26, 2005.

  1. Guest

    I'm having trouble with a domain cookie and forms authentication.
    We have several sub-domains so we create a domain cookie for forms
    authentication purposes:

    cook.domain = ".mydomain.com"

    All is good with the world.. I can go all over the place and get in to
    my apps... Great .. except now I can not Log Out...
    I do:
    Web.Security.FormsAuthentication.SignOut()
    Me.Session.Abandon()

    and what happens when I try to come back to my app? I get in just fine,
    never sent back to my login page.

    A little closer inspection using Firefox to watch my cookies, I see
    that I end up with two cookies. One, is my domain cookie, but i also
    end up with a "serversubdomain.mydomain.com" cookie... When I do my
    FormsAuthentication.SignOut() my serverdomain cookie goes away, my
    domain cookie does not.. so I am reauthenticated when I attempt to
    re-enter the site..

    Please help!

    jeffpriz
    , Jul 26, 2005
    #1
    1. Advertising

  2. Hello ,

    can't you manually remove the cookie from the cookies collection with .Remove()
    ??

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I'm having trouble with a domain cookie and forms authentication. We
    > have several sub-domains so we create a domain cookie for forms
    > authentication purposes:
    >
    > cook.domain = ".mydomain.com"
    >
    > All is good with the world.. I can go all over the place and get in to
    > my apps... Great .. except now I can not Log Out...
    > I do:
    > Web.Security.FormsAuthentication.SignOut()
    > Me.Session.Abandon()
    > and what happens when I try to come back to my app? I get in just
    > fine, never sent back to my login page.
    >
    > A little closer inspection using Firefox to watch my cookies, I see
    > that I end up with two cookies. One, is my domain cookie, but i also
    > end up with a "serversubdomain.mydomain.com" cookie... When I do my
    > FormsAuthentication.SignOut() my serverdomain cookie goes away, my
    > domain cookie does not.. so I am reauthenticated when I attempt to
    > re-enter the site..
    >
    > Please help!
    >
    > jeffpriz
    >
    Dominick Baier [DevelopMentor], Jul 26, 2005
    #2
    1. Advertising

  3. Guest

    Well I've tried a few things. I have tried the Remove, but that's not
    met with any success (when I do my
    context.Reesponse.Cookies.Remove("cookieName"), I assume I'm removing
    one cookie, but I don't get access to BOTH cookies, I'm accessing by
    name, I have 2 duplicately named cookies...)

    Also I've tried expiring the cooking by writing out the same domain
    cookie with an old expiration time.. but I haven't actually been able
    to get it expired. It continues to authenticate against it.

    thanks

    jeffpriz
    , Jul 27, 2005
    #3
  4. Hello ,

    haven't tried that - but can you cycle through the whole cookie collection
    and just remove everything

    foreach (HttpCookie in Response.Cookies)
    ....

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Well I've tried a few things. I have tried the Remove, but that's not
    > met with any success (when I do my
    > context.Reesponse.Cookies.Remove("cookieName"), I assume I'm removing
    > one cookie, but I don't get access to BOTH cookies, I'm accessing by
    > name, I have 2 duplicately named cookies...)
    >
    > Also I've tried expiring the cooking by writing out the same domain
    > cookie with an old expiration time.. but I haven't actually been able
    > to get it expired. It continues to authenticate against it.
    >
    > thanks
    >
    > jeffpriz
    >
    Dominick Baier [DevelopMentor], Jul 28, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?Q2hyaXMgTW9oYW4=?=

    Configuring Windows Auth & Forms Auth in Asp.Net

    =?Utf-8?B?Q2hyaXMgTW9oYW4=?=, Apr 28, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    686
    =?Utf-8?B?Q2hyaXMgTW9oYW4=?=
    Apr 28, 2004
  2. =?Utf-8?B?ZGhucml2ZXJzaWRl?=

    Windows Auth, but Forms Auth for one page?

    =?Utf-8?B?ZGhucml2ZXJzaWRl?=, Jan 8, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    543
    Elton Wang
    Jan 8, 2005
  3. Chris Mohan

    Configuring Windows Auth & Forms Auth in Asp.Net

    Chris Mohan, Apr 28, 2004, in forum: ASP .Net Security
    Replies:
    2
    Views:
    406
    Chris Mohan
    Apr 29, 2004
  4. Forms Auth Info passed to Windows Auth?

    , Apr 28, 2005, in forum: ASP .Net Security
    Replies:
    1
    Views:
    213
    Hernan de Lahitte
    May 3, 2005
  5. Ed Staffin
    Replies:
    1
    Views:
    331
    Ken Schaefer
    Apr 17, 2006
Loading...

Share This Page