trouble with Forms authentication and new windows opened with java script

Discussion in 'ASP .Net' started by Daniel Walzenbach, Nov 17, 2003.

  1. Hi,

    I have an application using "Forms authentication".
    Everything works perfectly well except when I try to open
    a new page with java script like the following:

    <script language='javascript'>window.open
    (myPage.aspx','','Fullscreen=no; Scrollbars=yes;
    Menubar=no; Locationbar=no; Resizable=yes; Status=no;')
    </script>

    I now get to see the login page. Does anybody know how to
    prevent this behaviour?

    Thank you a lot!
    Daniel Walzenbach
     
    Daniel Walzenbach, Nov 17, 2003
    #1
    1. Advertising

  2. "Daniel Walzenbach" <> wrote in
    message news:5af301c3ad25$534f7fa0$...
    > Hi,
    >
    > I have an application using "Forms authentication".
    > Everything works perfectly well except when I try to open
    > a new page with java script like the following:
    >
    > <script language='javascript'>window.open
    > (myPage.aspx','','Fullscreen=no; Scrollbars=yes;
    > Menubar=no; Locationbar=no; Resizable=yes; Status=no;')
    > </script>
    >
    > I now get to see the login page. Does anybody know how to
    > prevent this behaviour?


    I haven't tried this myself, but I would think that if the page you're
    opening is in the same domain as the site you authenticated to, that there
    would be no problem.

    The question comes down to whether the authentication cookie is sent to the
    server by the second page. If it wasn't sent, it would most likely be
    because of different domains. For instance, if you authenticated at
    http://area.company.com, and you're trying to open a page at
    http://somewhereelse.company.com, it should succeed if the authentication
    cookie was in domain "company.com", but not if it was in domain
    "area.company.com".

    As a diagnostic, put a link to your "myPage.aspx" on the page and click the
    link and see what happens.

    Also, what browser are you using?
    --
    John Saunders
    John.Saunders at SurfControl.com
     
    John Saunders, Nov 17, 2003
    #2
    1. Advertising

  3. 2 things....
    One... what's the timeout on your session? This could cause this to happen.
    I had some thing like this happen with iframes. I would get the login in the
    iframe that timedout.

    Let me look for the JavaScript that I used to fix it.

    "Daniel Walzenbach" <> wrote in
    message news:5af301c3ad25$534f7fa0$...
    > Hi,
    >
    > I have an application using "Forms authentication".
    > Everything works perfectly well except when I try to open
    > a new page with java script like the following:
    >
    > <script language='javascript'>window.open
    > (myPage.aspx','','Fullscreen=no; Scrollbars=yes;
    > Menubar=no; Locationbar=no; Resizable=yes; Status=no;')
    > </script>
    >
    > I now get to see the login page. Does anybody know how to
    > prevent this behaviour?
    >
    > Thank you a lot!
    > Daniel Walzenbach
     
    george d lake, Nov 17, 2003
    #3
  4. here is the Java script....


    In the .aspx add at the beginning of the page (somewhere in the header)
    <%If Request("var") <> "" Then%>
    <script language="javascript">
    top.location.href = 'login.aspx';
    </script>
    <%End If%>


    What this does is check the session var "var" if it is not set (session time
    out) it will load the login screen in the top frame. you might have to
    change it to parent.location.href or something down that line....


    "Daniel Walzenbach" <> wrote in
    message news:5af301c3ad25$534f7fa0$...
    > Hi,
    >
    > I have an application using "Forms authentication".
    > Everything works perfectly well except when I try to open
    > a new page with java script like the following:
    >
    > <script language='javascript'>window.open
    > (myPage.aspx','','Fullscreen=no; Scrollbars=yes;
    > Menubar=no; Locationbar=no; Resizable=yes; Status=no;')
    > </script>
    >
    > I now get to see the login page. Does anybody know how to
    > prevent this behaviour?
    >
    > Thank you a lot!
    > Daniel Walzenbach
     
    george d lake, Nov 17, 2003
    #4
  5. Thank you John and George,



    Unfortunately neither of your assumptions is right. I don't navigate across
    domain borders neither should my session be timed out. It is not that it
    happens once in a while but ever. The page I open using Java Script is
    located in a sub-directory of the same application. I am using Microsoft IE
    6 SP1.



    Any other suggestions? If you want I can assemble a small project containing
    the two pages and up it here.



    Greetings

    Daniel Walzenbach





    "george d lake" <> schrieb im Newsbeitrag
    news:...
    > here is the Java script....
    >
    >
    > In the .aspx add at the beginning of the page (somewhere in the header)
    > <%If Request("var") <> "" Then%>
    > <script language="javascript">
    > top.location.href = 'login.aspx';
    > </script>
    > <%End If%>
    >
    >
    > What this does is check the session var "var" if it is not set (session

    time
    > out) it will load the login screen in the top frame. you might have to
    > change it to parent.location.href or something down that line....
    >
    >
    > "Daniel Walzenbach" <> wrote in
    > message news:5af301c3ad25$534f7fa0$...
    > > Hi,
    > >
    > > I have an application using "Forms authentication".
    > > Everything works perfectly well except when I try to open
    > > a new page with java script like the following:
    > >
    > > <script language='javascript'>window.open
    > > (myPage.aspx','','Fullscreen=no; Scrollbars=yes;
    > > Menubar=no; Locationbar=no; Resizable=yes; Status=no;')
    > > </script>
    > >
    > > I now get to see the login page. Does anybody know how to
    > > prevent this behaviour?
    > >
    > > Thank you a lot!
    > > Daniel Walzenbach

    >
    >
     
    Daniel Walzenbach, Nov 17, 2003
    #5
  6. Daniel Walzenbach

    MSFT Guest

    Hi Daniel,

    Since the "mypage.aspx" is in a sub directory of your web application, is
    there also a "web.config" in the sub directory? And, when you perform the
    form authentication, did you change any default settings for cookies?

    Additionlly, have you checked if a link will work as John suggested?

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    MSFT, Nov 18, 2003
    #6
  7. Hello Luke,



    Thank you for your help but I solved my problem this afternoon. In fact
    George was right. My session was lost. Not due to a timeout but to the fact
    that I not even had an HTML file. Mea culpa. I was directly streaming out a
    pdf file. I now placed my page in an iFrame and the world is good again.



    Thank you everybody for your help!

    Daniel





    "MSFT" <> schrieb im Newsbeitrag
    news:...
    > Hi Daniel,
    >
    > Since the "mypage.aspx" is in a sub directory of your web application, is
    > there also a "web.config" in the sub directory? And, when you perform the
    > form authentication, did you change any default settings for cookies?
    >
    > Additionlly, have you checked if a link will work as John suggested?
    >
    > Luke
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
     
    Daniel Walzenbach, Nov 18, 2003
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,509
    Tommy
    Feb 13, 2004
  2. albertly
    Replies:
    3
    Views:
    14,075
    Steven Cheng[MSFT]
    Feb 8, 2008
  3. Eric
    Replies:
    2
    Views:
    578
  4. Vetrivel
    Replies:
    1
    Views:
    409
    Ken Schaefer
    Dec 11, 2003
  5. Dominic Tocci
    Replies:
    0
    Views:
    104
    Dominic Tocci
    Jun 30, 2005
Loading...

Share This Page