You're welcome Senol,
Good luck!
Steven Cheng
Microsoft Online Support
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| Thread-Topic: using Session with FormsAuthentication
| thread-index: AcXaOXll/4gAWG5TRtiPEHfdloGTIA==
| X-WBNR-Posting-Host: 81.214.84.153
| From: "=?Utf-8?B?xZ5lbm9sIEFrYnVsYWs=?=" <
[email protected]>
| References: <
[email protected]>
<
[email protected]>
<
[email protected]>
<
[email protected]>
| Subject: Re: using Session with FormsAuthentication
| Date: Wed, 26 Oct 2005 07:28:03 -0700
| Lines: 163
| Message-ID: <
[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 8bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.dotnet.framework.aspnet:133965
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| Hi Steven;
|
| I found my answer in your reply.
|
| Thank you very much.
|
| --
| ______________________________
| Åženol Akbulak
|
|
| "Steven Cheng[MSFT]" wrote:
|
| > Hi Senol,
| >
| > As for your problem, two things should be noticed:
| >
| > 1. For IE browser, it'll start a new session if we launch a new IE
windows
| > by creating a new IE instance rather than derived one from existing IE
| > window(e.g CTRL+N or ues "File->New->Windows" menu in an existing IE
| > window). In the latter case, the new windows will share the original
| > windows(opener )'s session.
| >
| > 2. For cookie, there are generally two kinds of cookies: session cookie
and
| > persistent cookie(non-session). Session cookie's lifecycle is as long
as
| > the browser window which associated with that session, when all those
| > windows associated with that session is closed , the corresponding
session
| > cookie is also destroyed. for persistent cookie, it'll be persited in
the
| > client computer's cookie storage event when all IE windows are closed.
and
| > next, when user open IE to navigate that site again, the persisted
cookie
| > will be associated by browser again.
| >
| > ASP.NET Session State use a session cookie to identify sessionId(if not
in
| > cookieless mode). However for formsauthentication, it provide both
session
| > cookie or persistent cookie for the authentication ticket. So for your
| > scenario, you should choose session cookie as the Formsauthentication's
| > Authenticate ticket's cookie type so that when user (specific to a
session)
| > close all the associated windows, the formsauthentication's ticket will
| > also be destroyed as well as the sessionid cookie.
| >
| > For example, the following code just generate the authenticated user's
| > authenticate ticket as non-persistent cookie(session cookie)
| >
| >
System.Web.Security.FormsAuthentication.RedirectFromLoginPage("username",fal
| > se);
| >
| > Hope helps. Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > Get Secure!
www.microsoft.com/security
| > (This posting is provided "AS IS", with no warranties, and confers no
| > rights.)
| >
| >
| > --------------------
| > | Thread-Topic: using Session with FormsAuthentication
| > | thread-index: AcXZUSbOu3noMGBDRw+bxpHlItQY+w==
| > | X-WBNR-Posting-Host: 81.214.84.153
| > | From: "=?Utf-8?B?xZ5lbm9sIEFrYnVsYWs=?="
<
[email protected]>
| > | References: <
[email protected]>
| > <
[email protected]>
| > | Subject: Re: using Session with FormsAuthentication
| > | Date: Tue, 25 Oct 2005 03:45:01 -0700
| > | Lines: 65
| > | Message-ID: <
[email protected]>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 8bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.dotnet.framework.aspnet:133675
| > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
| > |
| > | Antonio;
| > |
| > | Thank you for your quick answer.
| > |
| > | I want that when user open a new browser, user must login again. How
can
| > I
| > | make that?
| > |
| > | Thank you.
| > | --
| > | ______________________________
| > | Åženol Akbulak
| > |
| > |
| > | "AF" wrote:
| > |
| > | > > Hello;
| > | > Hi! (answers inline)
| > | >
| > | > > I use in my web application FormsAuthentication. Also I use
Session
| > state
| > | > > (InProc).
| > | > okay.
| > | >
| > | > > When a user logged in, I can read Session parameters. (For example
| > | > > Session["USER_ID"]). Problem is that, when user close the browser
| > window then
| > | > > open a new browser, FormsAuthentication reads from cookie and
user
| > logs in.
| > | >
| > | > This is not a problem, this is what it is used for. The cookie
you've
| > built is used to
| > | > authentify the user automatically.
| > | >
| > | >
| > | > > Althought user logged in, session parameter is null.
| > | >
| > | > These are your implementation and your business rules. If you
decided
| > that a logged
| > | > in user should have a 'USER_ID' session parameter set whil logged,
you
| > need to ensure
| > | > that when authentication occurs, other parameters are ALSO set.
| > | >
| > | > The typical case when using managed authentication is having the
| > following states:
| > | >
| > | > 1) the user connects to the service
| > | > 2) the user is automatically connected
| > | > 3) the user is connected but its session parameters are 'empty'
(except
| > for ID)
| > | > 4) the application detects the user is valid but session has not
been
| > prepared yet
| > | > 5) the application finishes preparing the session
| > | > 6) the user is then ready to browse the service and redirected to
the
| > desired document
| > | >
| > | > You are currently at step 3 of the process. Best thing should be to
add
| > some information
| > | > into the session when it gets validated and check for its
existence:
| > | >
| > | > if(User.IsLoggedIn())
| > | > {
| > | > if(!(MyUtils.GetSessionValue("ready").Equals"ok"))
| > | > {
| > | > Session["USER_ID"] = GetUserId();
| > | > Session["USER_EMAIL"] = GetUserEmail();
| > | > .....
| > | > }
| > | > }
| > | >
| > | >
| > | >
| > | > Antonio Fontes
| > | >
http://www.futureblogs.net/antonio
| > | >
| > | >
| > | >
| > |
| >
| >
|