HELP - Forms Auth Cookie persists after closing browser...
-
Hi Guys, I need your help :-) I have forms authentication setup on an asp.net portal. Even though I have the auth ticket to "NOT" persist, it does so after closing the browser... I have tried all the tricks with FormsAuthentication.SignOut() but still no cure. Is there a way I could get rid of the forms auth cookie when the client browser is closed?? Many thanks in advance :-)
Green Grape
-
Hi Guys, I need your help :-) I have forms authentication setup on an asp.net portal. Even though I have the auth ticket to "NOT" persist, it does so after closing the browser... I have tried all the tricks with FormsAuthentication.SignOut() but still no cure. Is there a way I could get rid of the forms auth cookie when the client browser is closed?? Many thanks in advance :-)
Green Grape
Grapes-R-Fun wrote:
Even though I have the auth ticket to "NOT" persist
How? That's the first thing I would check. If there is a mechanism that is supposed to result in the browser not caching the cookie and it's not working then the first thing I would suspect is my implementation of the mechanism.
-
Grapes-R-Fun wrote:
Even though I have the auth ticket to "NOT" persist
How? That's the first thing I would check. If there is a mechanism that is supposed to result in the browser not caching the cookie and it's not working then the first thing I would suspect is my implementation of the mechanism.
Mike, I don't know what's causing it to behaive this way... I'm running out of options! This is my code:
if (_IsAuthenticated)
{
FormsAuthenticationTicket _ticket = new FormsAuthenticationTicket(1,
this.userHandletbx.Text + "_" + DateTime.Now.ToString(),
DateTime.Now,
DateTime.Now.AddMinutes(30),
false, // Value of IsPersistent property
String.Empty,
FormsAuthentication.FormsCookiePath);string \_encryptedTicket = FormsAuthentication.Encrypt(\_ticket); HttpCookie \_authCookie = new HttpCookie( FormsAuthentication.FormsCookieName, \_encryptedTicket); \_authCookie.Secure = false; Response.Cookies.Add(\_authCookie); FormsAuthentication.RedirectFromLoginPage(this.userHandletbx.Text, true);}
And this is my web.config:
<authentication mode="Forms">
<forms loginUrl="Login.aspx"
name=".ASPXFORMSAUTH"
protection="All"
path="/"
timeout="40"
defaultUrl="Home.aspx"
enableCrossAppRedirects="false"
slidingExpiration="true"></forms></authentication>
...and no matter where I stick
FormsAuthentication.SignOut()
it doesn't kill that darn cookie! Am I missing something? Is this a blonde moment I'm having? ;P Thanks for your help, by the way.
Green Grape
-
Mike, I don't know what's causing it to behaive this way... I'm running out of options! This is my code:
if (_IsAuthenticated)
{
FormsAuthenticationTicket _ticket = new FormsAuthenticationTicket(1,
this.userHandletbx.Text + "_" + DateTime.Now.ToString(),
DateTime.Now,
DateTime.Now.AddMinutes(30),
false, // Value of IsPersistent property
String.Empty,
FormsAuthentication.FormsCookiePath);string \_encryptedTicket = FormsAuthentication.Encrypt(\_ticket); HttpCookie \_authCookie = new HttpCookie( FormsAuthentication.FormsCookieName, \_encryptedTicket); \_authCookie.Secure = false; Response.Cookies.Add(\_authCookie); FormsAuthentication.RedirectFromLoginPage(this.userHandletbx.Text, true);}
And this is my web.config:
<authentication mode="Forms">
<forms loginUrl="Login.aspx"
name=".ASPXFORMSAUTH"
protection="All"
path="/"
timeout="40"
defaultUrl="Home.aspx"
enableCrossAppRedirects="false"
slidingExpiration="true"></forms></authentication>
...and no matter where I stick
FormsAuthentication.SignOut()
it doesn't kill that darn cookie! Am I missing something? Is this a blonde moment I'm having? ;P Thanks for your help, by the way.
Green Grape
Grapes-R-Fun wrote:
...and no matter where I stick FormsAuthentication.SignOut() it doesn't kill that darn cookie! Am I missing something?
First two obvious questions are: 1) Is the code executing? The function can't work if it is never being called. 2) Have you followed all the directions of the documentation for the SignOut method?