cookies/forms authentication

[Brian Shannon]

Currently I manage user login for our intranet through session variables. I
am in the process of converting this to forms authentication using a sql2000
DB.

I have a few users that need there machine a little more secure than others
for EDI purposes and can't accept cookies. Is there something that can be
done for situitions like this. Still use forms authentication but the
browser doesn't accept cookies.

As of now there are only 3 individuals who's browsers wont accept cookies.

Thanks for any suggestions.

 

[Jeffrey Hasan]

I have not tested this approach out myself, but this article speaks to your
scenario:

http://www.codeproject.com/aspnet/cookieless.asp

Jeffrey Hasan, MCSD
President, Bluestone Partners, Inc.

 

[Guest]

Your statement that their computers cannot accept cookies
is not entirely clear.

Has cookies been entirely disabled on their machines? Or
is it simply that you cannot use cookies for your
application?

If it is the case that the cookies are still enabled, then
you could encrypt the forms authentication cookie before
sending it to the client.

Here is an example:
http://support.microsoft.com/default.aspx?scid=kb;en-
us;q301240

If the forms are entirely disabled on the client machines,
then you are pretty much stuck with the session variable
(or at least the session ID as a key).

Hope that helps.

~Chuck