
ASP.NET authentication cookie not deleting after Firefox is closed

I'm developing a small web application, used on a shared computer.

When the user closes the browser window, I want the session and the authentication to be deleted.

In the Login page I use something like this to authenticate the user:

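// Ticket valid for 5 minutes, isPersistent = false, empty userData.
FormsAuthenticationTicket authTicket =
      new FormsAuthenticationTicket(1, txtUser.Text,
                                    DateTime.Now,
                                    DateTime.Now.AddMinutes(5),
                                    false, "");

// Encrypt the ticket and send it as the forms-authentication cookie.
// No Expires value is set on the cookie, so the browser treats it as a session cookie.
string encTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
HttpContext.Current.Response.Cookies.Add(faCookie);

// Send the user back to the page that was originally requested.
string redirectUrl = FormsAuthentication.GetRedirectUrl(txtUser.Text, false);
HttpContext.Current.Response.Redirect(redirectUrl);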

As you can see, I have set the "isPersistent" variable to false.

This seems to work on Chrome (haven't tested on IE). However, when I run the app on Firefox with multiple tabs open, if I close the browser and open it again, I'm still authenticated, and the cookie is still there!

It's really strange, because the cookie should be removed on closing... Is this a bug in Firefox when you have multiple tabs open? How can I fix this?

Help is much appreciated!

Thanks in advance

Tony asked Oct 29 '09 17:10


2 Answers

Are you closing the browser, or just the one tab? You need to close the whole browser. If you have multiple top-level browser windows open, all of them need to be closed. Also, any other windows that are part of the Firefox process need to be closed, too: Downloads, Live HTTP Headers, View Page Source, etc.

GBegen answered Sep 23 '22 14:09


Thanks for the tips, guys, but I'm sure I'm closing the browser, without any other Firefox-related windows open.

By reading this, it seems that this is the default browser behavior, chosen by the Firefox 3 designers...

It seems it stores on disk the cookies that are supposed to be stored in RAM, to recover the tabs when you open the browser again. So if you want the session to be deleted, you need to close all tabs, and then the browser...

I think this can cause some flaws regarding authentication security. For example, someone is using the application, finishes the job and leaves, closing the browser but not the tabs. Since the computer is shared, right after that another user opens the browser, and he will see all the tabs, with the previous session restored...

Tony answered Sep 25 '22 14:09
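Because the browser may restore a session cookie as described in the last answer, the server can avoid relying on the browser to discard it: the added example below (not code from the original posts) ties each ticket to a server-side login id, caps the total login age, and makes logout invalidate any restored copy of the cookie. It does not stop a restored cookie from working inside the allowed window; it only bounds that window. `SessionGuard`, `MaxLoginAge` (15 minutes) and `ActiveLogins` are hypothetical names and values, and the in-memory store assumes a single server on .NET Framework 4 or later.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example: SessionGuard, MaxLoginAge and ActiveLogins are hypothetical names.
public static class SessionGuard
{
    // Assumed absolute cap on one login, independent of sliding ticket renewal.
    static readonly TimeSpan MaxLoginAge = TimeSpan.FromMinutes(15);
    // Login ids the server still honours (in-memory, for illustration only).
    static readonly ConcurrentDictionary<string, DateTime> ActiveLogins =
        new ConcurrentDictionary<string, DateTime>();

    public static void SignIn(HttpResponse response, string userName)
    {
        string loginId = Guid.NewGuid().ToString("N"); // travels inside the encrypted ticket
        ActiveLogins[loginId] = DateTime.UtcNow;
        var ticket = new FormsAuthenticationTicket(1, userName, DateTime.Now,
            DateTime.Now.AddMinutes(5), false, loginId);
        response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket)) { HttpOnly = true });
    }

    // Call from Application_PostAuthenticateRequest in Global.asax.
    public static void Validate(HttpContext context)
    {
        HttpCookie cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return;
        FormsAuthenticationTicket ticket = null;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { /* unreadable or tampered cookie: treated as invalid */ }
        DateTime started;
        bool valid = ticket != null && !ticket.Expired
            && !string.IsNullOrEmpty(ticket.UserData)
            && ActiveLogins.TryGetValue(ticket.UserData, out started)
            && DateTime.UtcNow - started <= MaxLoginAge;
        if (!valid) SignOut(context, ticket);
    }

    // Also call this from the application's logout button.
    public static void SignOut(HttpContext context, FormsAuthenticationTicket ticket)
    {
        DateTime ignored;
        if (ticket != null && !string.IsNullOrEmpty(ticket.UserData))
            ActiveLogins.TryRemove(ticket.UserData, out ignored); // restored copies now fail
        FormsAuthentication.SignOut();                            // expire the browser cookie
        if (context.Session != null) context.Session.Abandon();
        context.User = new GenericPrincipal(new GenericIdentity(""), new string[0]);
    }
}
```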