not sure about FormsAuthentication...

[Daves]

I'm using an authentication (login) code of my own, completely bypassin
asp.net's membership functions... Isn't it enough to just set the
Session["UserName"] value on login and then erasing when user logs out? Is
there any need to use

FormsAuthentication.SetAuthCookie(...)

unless I want the login stored in cookie on client side?

 

[Erik Funkenbusch]

I'm using an authentication (login) code of my own, completely bypassin
asp.net's membership functions... Isn't it enough to just set the
Session["UserName"] value on login and then erasing when user logs out? Is
there any need to use

FormsAuthentication.SetAuthCookie(...)

unless I want the login stored in cookie on client side?

Sure, you can do your method, but you're going to have to validate each and
every page yourself to ensure that the username value is set. Using
SetAuthCookie ASP.NET will take care of verifying that users have access to
your page automatically.

 

[Guest]

Rule one of security don't make your own security.