Professional Web Applications Themes

Forms Authentication without a Cookie? - ASP.NET General

I've got a fairly simple forms authentication project (a login page and a single secure page), but a number of users (~25%) can't seem to get past the login.aspx step. I theorized that this might have to do with their browser's cookie setting. I had been using cookies to store session state and logon parameters (user option), but I completely eliminated them using the SQLServer session management approach. But now, with my test browser set on "prompt" for cookies, I still get a message that my login page is trying to set a cookie. I gather it's from this statement: ...

  1. #1

    Default Forms Authentication without a Cookie?

    I've got a fairly simple forms authentication project (a login page and a
    single secure page), but a number of users (~25%) can't seem to get past the
    login.aspx step. I theorized that this might have to do with their
    browser's cookie setting.

    I had been using cookies to store session state and logon parameters (user
    option), but I completely eliminated them using the SQLServer session
    management approach. But now, with my test browser set on "prompt" for
    cookies, I still get a message that my login page is trying to set a cookie.

    I gather it's from this statement:

    FormsAuthentication.RedirectFromLoginPage(UserSeri alNo.Text,
    false);

    If I accept the cookie, I move on to the secure page. If I don't, I end up
    staying on the login.aspx page. I think that's what might be happening with
    some of the users who attempt to access this page (even though most say
    their browsers accept cookies).

    Any thoughts here? Is there any way to have an authentication scheme
    without cookies? Might something else be throwing my users?

    TIA

    Harry


    Harry Guest

  2. #2

    Default Re: Forms Authentication without a Cookie?

    In your web.config file, in your sessionState tag, set the attribute
    cookieless="true"

    --
    I hope this helps,
    Steve C. Orr, MCSD
    http://Steve.Orr.net
    --------------------------------
    Hire top notch developers to get your projects done right:
    http://www.able-consulting.com
    --------------------------------



    "Harry Whitehouse" <com> wrote in message
    news:%phx.gbl... 
    the 
    cookie. 
    up 
    with 


    Steve Guest

  3. #3

    Default Re: Forms Authentication without a Cookie?

    Steve -- Thanks for replying!

    I had set that parameter, but had that one last cookie write attempt
    nonetheless!

    Harry

    "Steve C. Orr, MCSD" <net> wrote in message
    news:phx.gbl... [/ref]

    > the [/ref]
    (user 
    > cookie. 
    > up 
    > with 
    >
    >[/ref]


    Harry Guest

  4. #4

    Default Re: Forms Authentication without a Cookie?

    Ken -- Thanks for this. I had not seen this article!

    Harry

    "Ken Cox [Microsoft MVP]" <ca> wrote in message
    news:phx.gbl... 


    Harry Guest

  5. #5

    Default Re: Forms Authentication without a Cookie?

    John -- Good suggestion! I'll give that a try!

    Harry 


    Harry Guest

  6. #6

    Default Re: Forms Authentication without a Cookie?

    Yes, it will still try to use cookies even if you have this setting.
    But the cookie is not required for the authentication to work. So if the
    cookie is not successfully written then it should still work.

    --
    I hope this helps,
    Steve C. Orr, MCSD
    http://Steve.Orr.net
    --------------------------------
    Hire top notch developers to get your projects done right:
    http://www.able-consulting.com
    --------------------------------


    "Harry Whitehouse" <com> wrote in message
    news:O75D1$phx.gbl... [/ref][/ref]
    and [/ref][/ref]
    past [/ref]
    > (user [/ref][/ref]
    for 
    > > cookie. [/ref][/ref]
    FormsAuthentication.RedirectFromLoginPage(UserSeri alNo.Text, [/ref][/ref]
    end [/ref][/ref]
    happening [/ref][/ref]
    say 
    > >
    > >[/ref]
    >
    >[/ref]


    Steve Guest

Similar Threads

  1. forms authentication cookie changes
    By Andy in forum ASP.NET Security
    Replies: 2
    Last Post: July 22nd, 08:08 AM
  2. Forms Authentication and Authentication Cookie
    By rgouge in forum ASP.NET Security
    Replies: 3
    Last Post: June 20th, 10:09 PM
  3. Forms Authentication - Cookie not being generated...
    By Nugs in forum ASP.NET Security
    Replies: 7
    Last Post: April 20th, 07:03 PM
  4. Forms Authentication Cookie Does Not Expire
    By Joey Powell in forum ASP.NET Security
    Replies: 4
    Last Post: December 2nd, 10:15 AM
  5. Forms Authentication Cookie via IP Only
    By Brian Mahloch in forum ASP.NET Security
    Replies: 1
    Last Post: November 6th, 04:56 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139