Why I remain signed on (auth/authorization)?

[dee]

When i sign on using

<authentication mode="Forms">
<forms loginUrl="LogIn.aspx"/>
</authentication>

My login code is:

If MyCheckPassword(name, pwd) Then
FormsAuthentication.RedirectFromLoginPage(name, True)
End If

So far so good. What happens is that once I have signed in I remain signed
in even cross application restarts. How can I set the authorization cookie
to expire with e.g., session expiration?

Also, I have all cookies disabled in my browser. How does the authorization
cookie get set anyway? This a different kind of cookie?

Thanks much.
Dee

 

[Brock Allen]

Pass false as the 2nd parameter to RedirectFromLoginPage.

 

[dee]

Thanks a lot Brock.
That solves my problem. I'm still wondering how ASP.NET manages to use
cookies to accomplish the siging process while I have disabled cookies
completey in IE.

 

[Brock Allen]

Not sure without seeing your setup, but I'd guess that you've not really
disabled cookies in IE? *shrug*

 

[dee]

I have, in the Pricay tab of IE's Options, set "Block All Cookies".
I tried to test this with FireFox. Running under localhost FireFox presents
me with a windows logon popup asking for my windows account logon ( and
ignoring <authentication mode="Forms">. Then when I go to restriced page it
doesnt even ask for login and gives me the page. Bypassing the whole thing!
....

 

[Brock Allen]

Right, so you're probabaly blocking the wrong zone then. Again, my guess

 

[dee]

Brock you were right.
Local intranet sites that includes localhost are probably treated specially
by IE.
Thanks

 

[dee]

Brock you were right.
Local intranet sites that includes localhost are probably treated specially
by IE.
Thanks