My project had a problem updating the forms authentication session due to conflicting forms auth cookies.
Detailed description:
After the user logs in, one auth cookie (FACookieA) is created and he/she is authenticated. However, when it comes to updating the cookie, a second forms auth cookie (FACookieB) is created and FACookieA is not updated. The user is redirected to the login page when requesting a page after the expiration date in FACookieA, even before the expiration date in FACookieB.
Generated Cookies:
Please note that both cookies have the same name.
FACookieA:
name: FormsAuth domain: .formsauth.com
Pay attention to the "." prepended by .NET; "formsauth.com" is in the Ticket Authentication Ticket section.
FACookieB:
name: FormsAuth host: a.formsauth.com
Note that the cookie uses the "host", not the domain, and "a.formsauth.com" is based on the current domain of the request URL.
Verified project URL:
a.formsauth.com
Web.config:
<forms loginUrl="~/Account/Login.aspx" name="FormsAuth"/>
Code:
    using System;
    using System.Web;
    using System.Web.Security;

    public partial class Account_Login : System.Web.UI.Page
    {
        protected void LoginButton_Click(object sender, EventArgs e)
        {
            if (Membership.ValidateUser(LoginUser.UserName.Trim(), LoginUser.Password.Trim()))
            {
                // Ticket valid for two minutes, non-persistent, no user data.
                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                    1,
                    "username",
                    DateTime.Now,
                    DateTime.Now.AddMinutes(2),
                    false,
                    string.Empty
                );
                string encryptedTicket = FormsAuthentication.Encrypt(ticket);

                // The cookie is issued with an explicit Domain, unlike the <forms> element above.
                HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
                cookie.Domain = "formsauth.com";
                cookie.Path = FormsAuthentication.FormsCookiePath;
                Response.Cookies.Remove(cookie.Name);
                Response.Cookies.Add(cookie);
                Response.Redirect("~/Account/ChangePassword.aspx");
            }
        }
    }
Questions:
1) How to generate only a single forms auth cookie so that users can update their auth session and not be logged out?
Questions:
1) The project should support several languages with possible domain formats below:
a.formsauth.com a.en.formsauth.com a.us.formsauth.com
and
b.formsauth.com b.en.formsauth.com b.us.formsauth.com
Thus, I cannot set the domain attribute of the Forms element declaratively. Since two sets of domains cannot share cookies, cookie sharing is allowed within the same set. The same code base is used for different applications with different domains. But one set of domains can share cookies.
2) The built-in FormsAuthenticationModule by default updates the user's session cookie, so I do not control the domain in the cookie. Please note: FormsAuthenticationTicket is used to create a cookie when using the login, as shown above.
Any idea?
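
Why the browser ends up holding both cookies, as an added example that is not part of the original question: a minimal JavaScript model of the RFC 6265 cookie store, where a cookie is identified by name, domain and path, so a Domain=formsauth.com cookie and a host-only a.formsauth.com cookie never replace each other. The values ticketA and ticketB, the class and function names, and the simplified path check are assumptions made for illustration.

```javascript
// Minimal RFC 6265 cookie store model (added example; values are constructed).
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

class CookieJar {
  constructor() { this.store = new Map(); this.clock = 0; }

  // Store a cookie set by a response from requestHost.
  // domainAttr is the Domain attribute, or null when the response sent none.
  set(requestHost, name, value, domainAttr = null, path = "/") {
    const hostOnly = domainAttr === null;
    const domain = hostOnly ? requestHost : domainAttr.replace(/^\./, "").toLowerCase();
    // A Domain attribute must cover the host that sets it.
    if (!hostOnly && !domainMatches(requestHost, domain)) return false;
    const key = `${name}|${domain}|${path}`; // identity of a stored cookie
    const previous = this.store.get(key);
    // Replacing an existing cookie keeps its original creation time.
    const created = previous ? previous.created : this.clock++;
    this.store.set(key, { name, value, domain, path, hostOnly, created });
    return true;
  }

  // Build the Cookie header for a request to host (path check simplified to a prefix test).
  header(host, path = "/") {
    return [...this.store.values()]
      .filter(c => (c.hostOnly ? host === c.domain : domainMatches(host, c.domain)))
      .filter(c => path.startsWith(c.path))
      .sort((a, b) => b.path.length - a.path.length || a.created - b.created)
      .map(c => `${c.name}=${c.value}`)
      .join("; ");
  }
}

function reproduce() {
  const jar = new CookieJar();
  jar.set("a.formsauth.com", "FormsAuth", "ticketA", "formsauth.com"); // login: Domain set in code
  jar.set("a.formsauth.com", "FormsAuth", "ticketB");                  // renewal: no Domain attribute
  const consistent = new CookieJar();
  consistent.set("a.formsauth.com", "FormsAuth", "ticketA", "formsauth.com");
  consistent.set("a.formsauth.com", "FormsAuth", "ticketB", "formsauth.com");
  return {
    conflicted: jar.header("a.formsauth.com"),    // both cookies, older one first
    sibling: jar.header("a.en.formsauth.com"),    // only the domain cookie reaches siblings
    consistent: consistent.header("a.formsauth.com"),
  };
}
```

With both cookies stored, the older domain cookie is sent first, so a server that reads only the first FormsAuth value keeps seeing the unrenewed ticket, which matches the logout described in the question. When login and renewal use the same Domain, the renewal overwrites the stored cookie instead of adding a second one.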