In my test app i used a non persistant cookie for forms authentication.
slidingExpiration is set to true
On run and close and rerun the login remains ok.
I have a time-out of one minute and indeed, it directs me to the login if i
wait to long.
The slidingExpiration does it's work also.
So were is this persistance for?
Thanks,What do you mean by "close" ? A non persistant cookie shouldn't survive when
the browser is closed and launched again (unlike a persistant cookie)...
Patrice
"Edwin Knoppert" <news@.hellobasic.com> a crit dans le message de
news:43ddeb0e$0$12848$ba620dc5@.text.nova.planet.nl...
> I have searched but info is limitted.
> In my test app i used a non persistant cookie for forms authentication.
> slidingExpiration is set to true
> On run and close and rerun the login remains ok.
> I have a time-out of one minute and indeed, it directs me to the login if
i
> wait to long.
> The slidingExpiration does it's work also.
> So were is this persistance for?
> Thanks,
>
>
Well it does..
And indeed i mean run, close the browser, and run again.
But then this was all tested in the VWD environment.
What you are telling me is what i expected.
In our case we might choose for non-persistance.
"Patrice" <a@.bc.c> schreef in bericht
news:OC1VTrYJGHA.1728@.TK2MSFTNGP14.phx.gbl...
> What do you mean by "close" ? A non persistant cookie shouldn't survive
> when
> the browser is closed and launched again (unlike a persistant cookie)...
> --
> Patrice
> "Edwin Knoppert" <news@.hellobasic.com> a crit dans le message de
> news:43ddeb0e$0$12848$ba620dc5@.text.nova.planet.nl...
> i
>
tested again, indeed, even while i have persistance set to false, on browser
restart it never passes the login page.
"Edwin Knoppert" <news@.hellobasic.com> schreef in bericht
news:43ddf3fb$0$12849$ba620dc5@.text.nova.planet.nl...
> Well it does..
> And indeed i mean run, close the browser, and run again.
> But then this was all tested in the VWD environment.
> What you are telling me is what i expected.
> In our case we might choose for non-persistance.
>
> "Patrice" <a@.bc.c> schreef in bericht
> news:OC1VTrYJGHA.1728@.TK2MSFTNGP14.phx.gbl...
>
You can see the cookies for the site in the browser options to make sure
this is not another problem (for example an non protected page)..
Patrice
"Edwin Knoppert" <news@.hellobasic.com> a crit dans le message de
news:43ddf678$0$12843$ba620dc5@.text.nova.planet.nl...
> tested again, indeed, even while i have persistance set to false, on
browser
> restart it never passes the login page.
>
> "Edwin Knoppert" <news@.hellobasic.com> schreef in bericht
> news:43ddf3fb$0$12849$ba620dc5@.text.nova.planet.nl...
cookie)...
authentication.
>
I have checked, my options guides me to the folder: ....Local
Settings\Temporary Internet Files
I cleaned most of it, cookies do not show a name i used for test: <forms
name="AuthCookie_logintest1" ...
I assume the cookie *filename* contains the forms name somehow?
Yes, i'm using roles, it all works out fine, i checked with isinrole() on a
2nd webpage.
To authenicate i'm using:
Dim authTicket As FormsAuthenticationTicket = New
FormsAuthenticationTicket(1, sUserName, DateTime.Now, Expiration,
bIsPersistant, sRoles)
Where bIsPersistant is false (checked).
I even terminated the local webserver, the one executed by VWD.
But since i do not persist, i don't think there is a filename right?
"Patrice" <a@.bc.c> schreef in bericht
news:OUd1BWZJGHA.3408@.TK2MSFTNGP12.phx.gbl...
> You can see the cookies for the site in the browser options to make sure
> this is not another problem (for example an non protected page)..
> --
> Patrice
> "Edwin Knoppert" <news@.hellobasic.com> a crit dans le message de
> news:43ddf678$0$12843$ba620dc5@.text.nova.planet.nl...
> browser
> cookie)...
> authentication.
>
Why don't you use Session State? It behaves exactly the same (except for
timing out), and in fact, when it uses cookies, it uses a non-persistent
("session") cookie to identify the client.
More information: All you need to do to not persist a cookie is not to set
the Expiration property. This creates a session cookie on the client, which
is not stored in the file system, but in browser memory. The difference
between using a session cookie on the client,and using Session State, is
that Session State times out. The client session cookie will remain on the
client until the domain is navigated away from, or the browser is closed.
HTH,
Kevin Spencer
Microsoft MVP
.Net Developer
Who is Mighty Abbott?
A twin turret scalawag.
"Edwin Knoppert" <news@.hellobasic.com> wrote in message
news:43de087e$0$12833$ba620dc5@.text.nova.planet.nl...
>I have checked, my options guides me to the folder: ....Local
>Settings\Temporary Internet Files
> I cleaned most of it, cookies do not show a name i used for test: <forms
> name="AuthCookie_logintest1" ...
> I assume the cookie *filename* contains the forms name somehow?
> Yes, i'm using roles, it all works out fine, i checked with isinrole() on
> a 2nd webpage.
> To authenicate i'm using:
> Dim authTicket As FormsAuthenticationTicket = New
> FormsAuthenticationTicket(1, sUserName, DateTime.Now, Expiration,
> bIsPersistant, sRoles)
> Where bIsPersistant is false (checked).
> I even terminated the local webserver, the one executed by VWD.
> But since i do not persist, i don't think there is a filename right?
>
> "Patrice" <a@.bc.c> schreef in bericht
> news:OUd1BWZJGHA.3408@.TK2MSFTNGP12.phx.gbl...
>
I'll look into that tomorrow.
I had a heavy discussion last w
that colleagues of mine are misusingsession variables.
I don't want, if the session expires, the user get's bothered to log in
again.
I know, authentication is NOT session related, but my colleagues are
misusing the session object to store a user id into.
I have hard time to talk them into better use.
If the session expires and your o so precious variable got lost, make sure
you reload it and let the client continue with it's request.
But.. i got warned that they don't want to keep authentication 'open' for a
long period of time.
I used to set a month ahead and the auto-expire-increase stuff (forgot) so
the user was never bothered with a login again.
But now they want to use a time-out and force a login.
So i tested it today how it behavious.
Fine by me, important to me is that they should understand the session stuff
first.
Am i right on this?
"Kevin Spencer" <kevin@.DIESPAMMERSDIEtakempis.com> schreef in bericht
news:%23%23$LofcJGHA.3064@.TK2MSFTNGP10.phx.gbl...
> Why don't you use Session State? It behaves exactly the same (except for
> timing out), and in fact, when it uses cookies, it uses a non-persistent
> ("session") cookie to identify the client.
> More information: All you need to do to not persist a cookie is not to set
> the Expiration property. This creates a session cookie on the client,
> which is not stored in the file system, but in browser memory. The
> difference between using a session cookie on the client,and using Session
> State, is that Session State times out. The client session cookie will
> remain on the client until the domain is navigated away from, or the
> browser is closed.
> --
> HTH,
> Kevin Spencer
> Microsoft MVP
> .Net Developer
> Who is Mighty Abbott?
> A twin turret scalawag.
> "Edwin Knoppert" <news@.hellobasic.com> wrote in message
> news:43de087e$0$12833$ba620dc5@.text.nova.planet.nl...
>
> Am i right on this?
I would say yes. In fact, since you are wanting a timeout, Session is
actually the best solution for you.
HTH,
Kevin Spencer
Microsoft MVP
.Net Developer
Who is Mighty Abbott?
A twin turret scalawag.
"Edwin Knoppert" <info@.pbsoft.speedlinq.nl> wrote in message
news:drm3fp$d4a$1@.azure.qinip.net...
> I'll look into that tomorrow.
> I had a heavy discussion last w
that colleagues of mine are misusing> session variables.
> I don't want, if the session expires, the user get's bothered to log in
> again.
> I know, authentication is NOT session related, but my colleagues are
> misusing the session object to store a user id into.
> I have hard time to talk them into better use.
> If the session expires and your o so precious variable got lost, make sure
> you reload it and let the client continue with it's request.
> But.. i got warned that they don't want to keep authentication 'open' for
> a long period of time.
> I used to set a month ahead and the auto-expire-increase stuff (forgot) so
> the user was never bothered with a login again.
> But now they want to use a time-out and force a login.
> So i tested it today how it behavious.
> Fine by me, important to me is that they should understand the session
> stuff first.
> Am i right on this?
>
>
>
>
> "Kevin Spencer" <kevin@.DIESPAMMERSDIEtakempis.com> schreef in bericht
> news:%23%23$LofcJGHA.3064@.TK2MSFTNGP10.phx.gbl...
>
But.. that's quiet the opposite to what i meant.
I mean, you could use this 'trick' via a session but what i want is that the
session is not used for kinds of stuff.
The expiration of the authentication is not involved with the session so one
actually should use the authentication stuff to reach his goal right?
Expiration in a cookie can work the same as session expiring.
Like i said, using the session and making the client depending on it is a
bad approach imo.
"Kevin Spencer" <kevin@.DIESPAMMERSDIEtakempis.com> schreef in bericht
news:%23EO4OMfJGHA.3936@.TK2MSFTNGP10.phx.gbl...
> I would say yes. In fact, since you are wanting a timeout, Session is
> actually the best solution for you.
> --
> HTH,
> Kevin Spencer
> Microsoft MVP
> .Net Developer
> Who is Mighty Abbott?
> A twin turret scalawag.
>
> "Edwin Knoppert" <info@.pbsoft.speedlinq.nl> wrote in message
> news:drm3fp$d4a$1@.azure.qinip.net...
>
0 comments:
Post a Comment