What are the exact steps required for a cookie to persist after a browser is closed? At the moment I have:
System.Web.Security.FormsAuthentication.Decrypt(Request.Cookies[System.Web.Security.FormsAuthentication.FormsCookieName].Value)
{System.Web.Security.FormsAuthenticationTicket}
CookiePath: "/"
[code]...
When i disable cookie at browser level will 'Form authentication' still work ?.If not,What is the alternative that enables the 'From Authentication' ?
View 2 RepliesIn my web application, I use an exit button which runs session.abandon to close the session and then close the browser.It does not work with multi-tabs in IE. If I open my application in two tabs, I click on the exit button in one tab which abandons the session and close the tab. But the application in another tab can still work.Is there any way to close the session for this application in all the tabs?
View 1 RepliesI'm creating a site. Below is my authentication tag and session tag in web.config
<authentication mode="Forms">
<forms protection="All" loginUrl="Pages/Log In/Login.aspx" name=".ASPXFORMSAUTH" cookieless="UseCookies" requireSSL="false"
defaultUrl="Pages/Common/Default.aspx" enableCrossAppRedirects="false" slidingExpiration="true" timeout="30"path="/">
</forms>
</authentication>
<sessionState mode="InProc" timeout="30" cookieless="false" cookieName=".ASPSession"/>
And I have a custom Membership Providor....
<membership defaultProvider="SqlMemberShipProvider" userIsOnlineTimeWindow="15" hashAlgorithmType="">
<providers>
<clear/>
<add
name="SqlMemberShipProvider"
type="RoalManagement.SqlMemberShipProvider"
connectionStringName="SqlServices"
enablePasswordRetrieval="true"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
writeExceptionsToEventLog="true"
applicationName="OnlineOnTheWeb"
minRequiredPasswordLength="6"
passwordStrengthRegularExpression="^.*(?=.{6,50})(?=.*[a-z])(?=.*[A-Z])(?=.*[dW]).*$"
maxInvalidPasswordAttempts="3"
requiresUniqueEmail="true"
/>
</providers>
</membership>
Now in login page after firsttime login i set some session data... like
protected void Login_LoggedIn(object sender, EventArgs e)
{
//.....
Session["EMPLOYEELOGGEDIN"] = "Y";
//.....
}
Now say i close the browser... and next time when i open the site it takes me directly to the default page [Login_LoggedIn is not called accordingly]... because i'm already logged in for 30 mins acc. to configuration. but as my session id gets changed i can't access Session["EMPLOYEELOGGEDIN"] from any page in this time. It always returns null. But how do i get back the previous session for that person?
Can i still store value in session if in browser cookie is disabled?
View 2 RepliesI want to show a popup about browser compatibility to the users visiting my website. I have used the popup in about 5 pages and it would be annoying for the users to see the same popup for more than once when they visit my website. So I am thinking to use a session and kill it when the user closes the poup. IT should not be shown until the browser is restarted.
View 4 RepliesSession variables are on server side. I need to clear out the server side session variables on browser close on client side. I have used a WebService and ajax call but still i am not getting the session cleared.
View 3 RepliesI'm not sure if this is an error or is the right work mode for sql sessions.
I'm working now with Windows 2008 R2 Web Ed. and SQL Server 2008 Web Ed.
When I close my browse and open again a new browser window I need to login again in asp.net application and a new session is created in the sessions table in sql server.
It's this normal? I remember that with Windows 2003 and SQL 2005 this doesn't happend. When I closed my browser and open inmediately a new browser window my session was retained and I could continue working without relogin.
I have website which runs multiple threads. When user close the browser but threads are still running. How to kill/stop all thread in asp.net on browser close.
View 2 RepliesWe have a non-SSL ASP.NET web app that allows a user to login (ASP forms authentication, inproc).
Once authenticated, we redirect their browser to an external, SSL secured page on another web site / domain altogether that we do not control.
The client is redirected back to a pre-configured url on our original http web app when done.
However, the customer is then asked to "re-login" again on our side which is undesired...
It seems the forms authentication cookie is destroyed when transitioning between HTTP and HTTPS and back again.
How can I keep the forms authentication cookie alive so that the customer does not have to re-authenticate on the round trip?
I need to make my asp.net session cookie as secure but whenever i check user authentication and after that i am trying to set cookie to true then my session lost my user information and so it always redirect login page. I am settings user to HttpContext.Current.Session["user"] and check every time, is user is valid and if valid then move ahead. but before that i make my asp.net session cookie as true.
[Code]....
but after that i observe that somehow "Session_Start" event gets called.
Is it possible to use mixed cookieless sessions with cookie sessions? I've an application that captured user details and then redirect for payment to an ssl page. I was wondering if this is possible? [URL] redirects to [URL] Note: the session Id in the latter url. So in essence, we use the standard cookie session for the majority of the application but when we transfer to an ssl page we pass the SessionId to the https url to pick up the session. I've tried this locally but it starts a new session.
View 1 RepliesI am having a hard time implementing "Remember Me" functionality in an MVC application with a custom principal. I have boiled it down to ASP.NET not retrieving the authentication cookie for me. I have included a snaphot below from Google Chrome.
Shows the results of Request.Cookies that is set within the controller action and placed in ViewData for the view to read. Notice that it is missing the .ASPXAUTH cookie Shows the results from the Chrome developer tools. You can see that .ASPXAUTH is included here.
Does anyone know what the issue may be here? Why does ASP.NET not read this value from the cookie collection?
My application uses a custom IPrincipal. BusinessPrincipalBase is a CSLA object that ust implements IPrincipal. Here is the code for that:
[Code]....
I do not think that any of this is related because the bottom line is that the Request.Cookies does not return the authentication cookie. Is it related to the size of the cookie? I heard there are issues to the size of the cookie.
UPDATE: It seems that the issue revolves around subdomains. This site was being hosted with a subdomain and the cookie domain was left blank. Does anyone have any pointers on how I can get the auth cookie to work with all domains (e.g. http://mydomain.com, http://www.mydomain.com, and http://sub.mydomain.com)?
How would I update a table in a SQL database if/when someone closes their browser after visiting a webpage?I'm manually set-up a table which will be updated when the person logs in; their login time. I have it configured so that if they click on logout, it'll update their log-off time. The issue is that if they just close their browser, I need it to update the table with this time
View 1 RepliesI want to call a function in my Global.asax when the user closes his browser so I can delete a databse entry but how do I have to do this?
View 7 RepliesI am using visual web developer express edition and Im a new user of this tool. Im just trying to close a browser when the user clicks a button. The code below has two discrepancies. First, if you are using IE it works fine,however if you will be using other browsers like google chrome or firefox it will just close the browser if the button is the first control to click in the first time but if you have already click or use other controls on your page or has already browse another page it will not close anymore. Why is that? I need a code that is capable of closing any type of browsers anytime a button is click.
Here's my code:
<script language="javascript" type ="text/javascript" >
function CloseBrowser()
{
window .close ();
}
[Code]...
I'm having a problem trying to delete the form authentication ticket (.ASPXAUTH) from the server side. It would be the same to delete or invalidate the ticket so the client could not reuse it.
So far, the only solution I've found is to delete the ticket from the client side (through a "Set-Cookie: .ASPXAUTH=;") but nothing seems to be implemented and/or working for doing so in the server side. The final idea is that if someone steels that ticket
In particular, I'm working in C# but as it's rellated to the Dotnet Framework any implementation of the solution would be OK; I tried all the possible things and nothing worked out, even invalidating the session but nothing.
I have a following architecture:
1) client logins to ASP.NET web site (www.site.com) where the session expired in 3000 minutes and cookieless set to false.
2) After some time client opens Activex in browser. Activex connects to Session Enabled Web Service (www.site.com/Service.asmx) through .NET managed classes.
What I need to do is send cookies which browser recieved while authenticated through Web site. and if such cookie does not exist then the user is not authenticated and connection to Web service will be prohibited.
I understand that I need to use System.Net.CookieContainer class, but How do I set this broser cookie to this class?
localhost.WebService1 web = new localhost.WebService1();
System.Net.CookieContainer cookie = new System.Net.CookieContainer();
web.CookieContainer = cookie;
Do we know the algorithm that asp.net uses to create the authentication cookie (when using forms authentication?)
Can we basically create our own copy implementation? if so, how?
What does it use to generate the encrypted cookie value, I know it uses whatever you pass into the SetAuthCookie call (which is usually the userID/username).
I have an ASP.NET website for which i've set the authetication timeout to 60 days so that my users don't have to log in each time they come back if they checked the "remember me" option. Basic ASP.NET login mechanism... It's working fine on my developpement server as well as on the visual studio built-in web server. I can close the browser, wait around 30-40 minutes and browse back to the site and be automatically logged in.
However, I've not moved the site to a hosting provider and it seems that whatever I do to my Web.config file, the cookie expires after around 30 minutes (hard to tell the exact amount of time). I have asked the provider's help support and they basically told me: "Web.config file is to configure your website. Please do not change it if you don't know what you are doing"Frustrating answer indeed... be sure, I checked everywhere on the net for exceptions, fine prints, in the basic asp.net authentication but found none.I have access to IIS remote management for my site (IIS 7) but don't really know where to look. Can there be something in the IIS setting that is overriding my web.config authentication setting?
I have 2 websites running on localhost in different ports. As browsers do not differentiate port numbers when sending cookies, my forms authentication ticket from one site is being sent to the other
How do I solve this? I thought that a good solution would be to change the forms authentication ticket or one of the websites but I don't know how to do this.
i have issue with browser close prompt;
"the webpage you are viewing is trying to close the window"
in ie6 i prevent this by using coding
self.opener = this;
self.close();
in ie7 and ie8 i prevent this by using coding
window.open('', '_self', '');
window.close();
but, problem is which code will prevent for all brower(ie6,7,8) asking the message.
If the logged in user either exits out of a directory OR closes the browser......I want to automatically log them out. IS this possible and where is it done? What code can be used for these actions?
View 3 RepliesI have made my 1st asp.net web app in vs2010. I run the app and Firefox opens, showing the page. When I close Firefox, the app continues to be (Running) inside VS2010. I think the app should stop running when I close the browser. Is this right? If so, how can I make VS2010 get out of run mode and back to design mode by itself?
View 6 RepliesI want to show a ModalPopup (with some data from Database) if user closes current bowser window or tab.
View 3 Replies
