FormsAuthentication

[Grant Merwitz]

Hi, i am using forms authentication in an ASP.NET project

I am setting the Forms authentication cookie by using:
FormsAuthentication.RedirectFromLoginPage(UserName .Text, false);

Now when i review my trace on my page, there are two cookies created that
look identical.
When i FormsAuthentication.SignOut() they both dissappear.

Any ideas as to why two cookies are created?

TIA

P.S. Sorry for the double post, i thought this was more relevant in the
..security newsgroup

[jjardine]

"Grant Merwitz" <grant@workshare.com> wrote in message
news:uS%23smByHFHA.1528@TK2MSFTNGP09.phx.gbl...

> Hi, i am using forms authentication in an ASP.NET project
>
> I am setting the Forms authentication cookie by using:
> FormsAuthentication.RedirectFromLoginPage(UserName .Text, false);
>
> Now when i review my trace on my page, there are two cookies created that
> look identical.
> When i FormsAuthentication.SignOut() they both dissappear.
>
> Any ideas as to why two cookies are created?
>
> TIA
>
> P.S. Sorry for the double post, i thought this was more relevant in the
> .security newsgroup
>
>

I am not sure why they do this. It might be for tighter security and to
help stop cookie poisoning or some other form of attach on the cookies.

[Hernan de Lahitte]

It should be only one cookie (non persistent) per Forms session.
Check out if you perhaps did some testing with persist=true parameter of
RedirectFromLoginPage function and the you might have an old persistent
cookie from that testing session.

--
Hernan de Lahitte
[url]http://weblogs.asp.net/hernandl[/url]
[url]http://www.lagash.com/english/index.html[/url]


"Grant Merwitz" <grant@workshare.com> wrote in message
news:uS%23smByHFHA.1528@TK2MSFTNGP09.phx.gbl...

> Hi, i am using forms authentication in an ASP.NET project
>
> I am setting the Forms authentication cookie by using:
> FormsAuthentication.RedirectFromLoginPage(UserName .Text, false);
>
> Now when i review my trace on my page, there are two cookies created that
> look identical.
> When i FormsAuthentication.SignOut() they both dissappear.
>
> Any ideas as to why two cookies are created?
>
> TIA
>
> P.S. Sorry for the double post, i thought this was more relevant in the
> .security newsgroup
>
>

[Grant Merwitz]

can't be.

When i log out, using FormsAuthentication.SignOut();

both cookies disappear from the cookies collection.
Then when i sign in again, both reappear.

This application is set up as a virtual directory. Could that have something
to do with it?

"Hernan de Lahitte" <hernan@lagash.com> wrote in message
news:eBeoCp$HFHA.2936@TK2MSFTNGP15.phx.gbl...

> It should be only one cookie (non persistent) per Forms session.
> Check out if you perhaps did some testing with persist=true parameter of
> RedirectFromLoginPage function and the you might have an old persistent
> cookie from that testing session.
>
> --
> Hernan de Lahitte
> [url]http://weblogs.asp.net/hernandl[/url]
> [url]http://www.lagash.com/english/index.html[/url]
>
>
> "Grant Merwitz" <grant@workshare.com> wrote in message
> news:uS%23smByHFHA.1528@TK2MSFTNGP09.phx.gbl...

>> Hi, i am using forms authentication in an ASP.NET project
>>
>> I am setting the Forms authentication cookie by using:
>> FormsAuthentication.RedirectFromLoginPage(UserName .Text, false);
>>
>> Now when i review my trace on my page, there are two cookies created that
>> look identical.
>> When i FormsAuthentication.SignOut() they both dissappear.
>>
>> Any ideas as to why two cookies are created?
>>
>> TIA
>>
>> P.S. Sorry for the double post, i thought this was more relevant in the
>> .security newsgroup
>>
>>

>
>

[Hernan de Lahitte]

Do you have any code sample of your login page and any other section that
you may dealing with Forms Authentication or your Principal object ? (cookie
handling as well )

--
Hernan de Lahitte
[url]http://weblogs.asp.net/hernandl[/url]
[url]http://www.lagash.com/english/index.html[/url]


"Grant Merwitz" <grant@workshare.com> wrote in message
news:uDa4S9$HFHA.2784@TK2MSFTNGP09.phx.gbl...

> can't be.
>
> When i log out, using FormsAuthentication.SignOut();
>
> both cookies disappear from the cookies collection.
> Then when i sign in again, both reappear.
>
> This application is set up as a virtual directory. Could that have
> something to do with it?
>
> "Hernan de Lahitte" <hernan@lagash.com> wrote in message
> news:eBeoCp$HFHA.2936@TK2MSFTNGP15.phx.gbl...

>> It should be only one cookie (non persistent) per Forms session.
>> Check out if you perhaps did some testing with persist=true parameter of
>> RedirectFromLoginPage function and the you might have an old persistent
>> cookie from that testing session.
>>
>> --
>> Hernan de Lahitte
>> [url]http://weblogs.asp.net/hernandl[/url]
>> [url]http://www.lagash.com/english/index.html[/url]
>>
>>
>> "Grant Merwitz" <grant@workshare.com> wrote in message
>> news:uS%23smByHFHA.1528@TK2MSFTNGP09.phx.gbl...

>>> Hi, i am using forms authentication in an ASP.NET project
>>>
>>> I am setting the Forms authentication cookie by using:
>>> FormsAuthentication.RedirectFromLoginPage(UserName .Text, false);
>>>
>>> Now when i review my trace on my page, there are two cookies created
>>> that
>>> look identical.
>>> When i FormsAuthentication.SignOut() they both dissappear.
>>>
>>> Any ideas as to why two cookies are created?
>>>
>>> TIA
>>>
>>> P.S. Sorry for the double post, i thought this was more relevant in the
>>> .security newsgroup
>>>
>>>

>>
>>

>
>

[Grant Merwitz]

excuse the late response

i actually realised it was only when my application was running as a virtual
directory.
When i changed it to be the root directory, the second cookie suddenly
disappeared.

strange

"Hernan de Lahitte" <hernan@lagash.com> wrote in message
news:OchEmPLIFHA.3376@TK2MSFTNGP14.phx.gbl...

> Do you have any code sample of your login page and any other section that
> you may dealing with Forms Authentication or your Principal object ?
> (cookie handling as well )
>
> --
> Hernan de Lahitte
> [url]http://weblogs.asp.net/hernandl[/url]
> [url]http://www.lagash.com/english/index.html[/url]
>
>
> "Grant Merwitz" <grant@workshare.com> wrote in message
> news:uDa4S9$HFHA.2784@TK2MSFTNGP09.phx.gbl...

>> can't be.
>>
>> When i log out, using FormsAuthentication.SignOut();
>>
>> both cookies disappear from the cookies collection.
>> Then when i sign in again, both reappear.
>>
>> This application is set up as a virtual directory. Could that have
>> something to do with it?
>>
>> "Hernan de Lahitte" <hernan@lagash.com> wrote in message
>> news:eBeoCp$HFHA.2936@TK2MSFTNGP15.phx.gbl...

>>> It should be only one cookie (non persistent) per Forms session.
>>> Check out if you perhaps did some testing with persist=true parameter of
>>> RedirectFromLoginPage function and the you might have an old persistent
>>> cookie from that testing session.
>>>
>>> --
>>> Hernan de Lahitte
>>> [url]http://weblogs.asp.net/hernandl[/url]
>>> [url]http://www.lagash.com/english/index.html[/url]
>>>
>>>
>>> "Grant Merwitz" <grant@workshare.com> wrote in message
>>> news:uS%23smByHFHA.1528@TK2MSFTNGP09.phx.gbl...
>>>> Hi, i am using forms authentication in an ASP.NET project
>>>>
>>>> I am setting the Forms authentication cookie by using:
>>>> FormsAuthentication.RedirectFromLoginPage(UserName .Text, false);
>>>>
>>>> Now when i review my trace on my page, there are two cookies created
>>>> that
>>>> look identical.
>>>> When i FormsAuthentication.SignOut() they both dissappear.
>>>>
>>>> Any ideas as to why two cookies are created?
>>>>
>>>> TIA
>>>>
>>>> P.S. Sorry for the double post, i thought this was more relevant in the
>>>> .security newsgroup
>>>>
>>>>
>>>
>>>

>>
>>

>
>