 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / General / October 2005using Session with FormsAuthentication
Hello; I use in my web application FormsAuthentication. Also I use Session state (InProc). When a user logged in, I can read Session parameters. (For example Session["USER_ID"]). Problem is that, when user close the browser window then open a new browser, FormsAuthentication reads from cookie and user logs in. Althought user logged in, session parameter is null. How can I make Session and FormsAuthentication accordant? Thank you in advance.  Signature______________________________ Şenol Akbulak > Hello; Hi! (answers inline) > I use in my web application FormsAuthentication. Also I use Session state > (InProc). okay. > When a user logged in, I can read Session parameters. (For example > Session["USER_ID"]). Problem is that, when user close the browser window then > open a new browser, FormsAuthentication reads from cookie and user logs in. This is not a problem, this is what it is used for. The cookie you've built is used to authentify the user automatically. > Althought user logged in, session parameter is null. These are your implementation and your business rules. If you decided that a logged in user should have a 'USER_ID' session parameter set whil logged, you need to ensure that when authentication occurs, other parameters are ALSO set. The typical case when using managed authentication is having the following states: 1) the user connects to the service 2) the user is automatically connected 3) the user is connected but its session parameters are 'empty' (except for ID) 4) the application detects the user is valid but session has not been prepared yet 5) the application finishes preparing the session 6) the user is then ready to browse the service and redirected to the desired document You are currently at step 3 of the process. Best thing should be to add some information into the session when it gets validated and check for its existence: if(User.IsLoggedIn()) { if(!(MyUtils.GetSessionValue("ready").Equals"ok")) { Session["USER_ID"] = GetUserId(); Session["USER_EMAIL"] = GetUserEmail(); ..... } } Antonio Fontes http://www.futureblogs.net/antonio Antonio; Thank you for your quick answer. I want that when user open a new browser, user must login again. How can I make that? Thank you. Signature______________________________ Şenol Akbulak > > Hello; > Hi! (answers inline) [quoted text clipped - 40 lines] > Antonio Fontes > http://www.futureblogs.net/antonio Hi Senol, As for your problem, two things should be noticed: 1. For IE browser, it'll start a new session if we launch a new IE windows by creating a new IE instance rather than derived one from existing IE window(e.g CTRL+N or ues "File->New->Windows" menu in an existing IE window). In the latter case, the new windows will share the original windows(opener )'s session. 2. For cookie, there are generally two kinds of cookies: session cookie and persistent cookie(non-session). Session cookie's lifecycle is as long as the browser window which associated with that session, when all those windows associated with that session is closed , the corresponding session cookie is also destroyed. for persistent cookie, it'll be persited in the client computer's cookie storage event when all IE windows are closed. and next, when user open IE to navigate that site again, the persisted cookie will be associated by browser again. ASP.NET Session State use a session cookie to identify sessionId(if not in cookieless mode). However for formsauthentication, it provide both session cookie or persistent cookie for the authentication ticket. So for your scenario, you should choose session cookie as the Formsauthentication's Authenticate ticket's cookie type so that when user (specific to a session) close all the associated windows, the formsauthentication's ticket will also be destroyed as well as the sessionid cookie. For example, the following code just generate the authenticated user's authenticate ticket as non-persistent cookie(session cookie) System.Web.Security.FormsAuthentication.RedirectFromLoginPage("username",fal se); Hope helps. Thanks, Steven Cheng Microsoft Online Support SignatureGet Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- | Thread-Topic: using Session with FormsAuthentication | thread-index: AcXZUSbOu3noMGBDRw+bxpHlItQY+w== | X-WBNR-Posting-Host: 81.214.84.153 | From: "=?Utf-8?B?xZ5lbm9sIEFrYnVsYWs=?=" <senolakbulak@newsgroup.nospam> | References: <08BE12EC-EDCA-486C-997E-CCFFB172E865@microsoft.com> <OctMS5U2FHA.3588@TK2MSFTNGP15.phx.gbl> | Subject: Re: using Session with FormsAuthentication | Date: Tue, 25 Oct 2005 03:45:01 -0700 [quoted text clipped - 13 lines] | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.dotnet.framework.aspnet:133675 | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet | [quoted text clipped - 51 lines] | > Antonio Fontes | > http://www.futureblogs.net/antonio Hi Steven; I found my answer in your reply. Thank you very much. Signature______________________________ Şenol Akbulak > Hi Senol, > [quoted text clipped - 130 lines] > | > Antonio Fontes > | > http://www.futureblogs.net/antonio You're welcome Senol, Good luck! Steven Cheng Microsoft Online Support SignatureGet Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- | Thread-Topic: using Session with FormsAuthentication | thread-index: AcXaOXll/4gAWG5TRtiPEHfdloGTIA== | X-WBNR-Posting-Host: 81.214.84.153 | From: "=?Utf-8?B?xZ5lbm9sIEFrYnVsYWs=?=" <senolakbulak@newsgroup.nospam> | References: <08BE12EC-EDCA-486C-997E-CCFFB172E865@microsoft.com> <OctMS5U2FHA.3588@TK2MSFTNGP15.phx.gbl> <3090E9D9-51F2-45FB-9F53-9EFB65E52950@microsoft.com> <kHgrfzc2FHA.3936@TK2MSFTNGXA01.phx.gbl> | Subject: Re: using Session with FormsAuthentication | Date: Wed, 26 Oct 2005 07:28:03 -0700 [quoted text clipped - 13 lines] | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.dotnet.framework.aspnet:133965 | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet | [quoted text clipped - 33 lines] | > For example, the following code just generate the authenticated user's | > authenticate ticket as non-persistent cookie(session cookie) System.Web.Security.FormsAuthentication.RedirectFromLoginPage("username",fal | > se); | > [quoted text clipped - 99 lines] | > | > Antonio Fontes | > | > http://www.futureblogs.net/antonio Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.