Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Create non-persistent cookie with FormsAuthenticationTicket

Tags:

cookies

forms-authentication

httpcookie

I'm having trouble creating a non-persistent cookie using the FormsAuthenticationTicket. I want to store userdata in the ticket, so i can't use FormsAuthentication.SetAuthCookie() or FormsAuthentication.GetAuthCookie() methods. Because of this I need to create the FormsAuthenticationTicket and store it in a HttpCookie.

My code looks like this:

DateTime expiration = DateTime.Now.AddDays(7);

// Create ticket
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2,
    user.Email,
    DateTime.Now,
    expiration,
    isPersistent,
    userData,
    FormsAuthentication.FormsCookiePath);

// Create cookie
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
cookie.Path = FormsAuthentication.FormsCookiePath;
if (isPersistent)
    cookie.Expires = expiration;

// Add cookie to response
HttpContext.Current.Response.Cookies.Add(cookie);

When the variable isPersistent is true everything works fine and the cookie is persisted. But when isPersistent is false the cookie seems to be persisted anyway. I sign on in a browser window, closes it and opens the browser again and I am still logged in. How do i set the cookie to be non-persistent?

Is a non-persistent cookie the same as a session cookie? Is the cookie information stored in the sessiondata on the server or are the cookie transferred in every request/response to the server?

like image 313
Marcus Avatar asked Nov 30 '09 11:11

Marcus

People also ask

What does Formsauthentication SetAuthCookie do?

The SetAuthCookie method adds a forms-authentication ticket to either the cookies collection, or to the URL if CookiesSupported is false . The forms-authentication ticket supplies forms-authentication information to the next request made by the browser.

What is Aspxauth cookie?

The ASPXAUTH cookie is used to determine if a user is authenticated. As far as the location of the cookie, that depends on your browser. If you are using Firefox you can view the cookie by clicking on Tools -> Options -> Privacy.

What is Formsauthentication FormsCookieName?

The FormsCookieName property value is set in the configuration file for an ASP.NET application by using the name attribute of the forms configuration element. The FormsCookieName is used to reference the cookie that stores the FormsAuthenticationTicket information.

1 Answers

Try deleting:

if (isPersistent) { cookie.Expires = expiration; }

... and replacing it with:

if (!isPersistent) { cookie.Expires = DateTime.Now.AddYears(-1); }

like image 131
Richard Avatar answered Sep 24 '22 03:09

Richard
Sign in to Comment

Related questions

How to create Play 1.x cookie for just the base domain (no sub domains)
ASP.NET MVC: How do SimpleMembership, SQLSession store, Authentication, and Authorization work?
Why is the magento frontend cookie not set
R httr post-authentication download works in interactive mode but fails in function
Cookies not set or sent in request in iOS Safari or Chrome works on all Android and Desktop Browsers
Web application Kerberos authentication: Is the proper way to combine with cookies?
Why isn't the Facebook JavaScript SDK setting cookies?
Javascript tracing of cookie source
Android WebView losing Cookies in redirects
Is there a solution to the hole in "Improved Persistent Login Cookie Best Practice"?
How to send received jsessionid via spring 4 resttemplate
set-cookie not working for IE11/10 after clearing cache
Privilege Escalation & Session Hijacking in Identity MVC5
Include cookies in HTTP requests when using the Google Cloud Endpoints JavaScript client
Cookies used in Google login
Why am I getting a _ga cookie on my localhost project?
How to set cookie in React Native with Expo?
Use Google Firebase Authentication without 3rd Party Cookies
Define Same-site cookie in web.xml cookie-config for Tomcat
Disable cookies when using the YouTube IFrame Player API script with the youtube-nocookie.com domain

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!