FormsAuthentication cookie

G-Fit

Hello group,

I use Forms Authentication in my web application and I am not sure I
understand the way the cookie works.

I use the SetAuthCookie method with a database identifier as userName, as
I would like the website to remember who is logged in (and I guess it
doesn't matter whether I store a name or an identifier, which is much more
convenient for me):

FormsAuthentication.SetAuthCookie(reader["CTC_ID"].ToString(), true);

But then, I can't find any way to get it back later. The cookie contains
a very long string; is it encrypted? Or do I need to set up a special
cookie to store my identifier?

Karine Proot
G-Fit
 
AFAIK you can't access the forms authentication cookie in the same way as
you would a normal cookie - it is used internally by the forms
authentication processing. The only reason for specifying a particular
cookie is to avoid a possible name mismatch with other cookies, or other web
apps running on the same server.

If you want to store information about the user I think you should use the
Session object as normal. However, be aware that the forms authentication
timeout might not be the same as the session timeout, so your code cannot
assume that a Session exists if and only if the user is authenticated.

Andy
 
Andy Fish said:
AFAIK you can't access the forms authentication cookie in the same way as
you would a normal cookie - it is used internally by the forms
authentication processing. The only reason for specifying a particular
cookie is to avoid a possible name mismatch with other cookies, or other web
apps running on the same server.

If you want to store information about the user I think you should use the
Session object as normal. However, be aware that the forms authentication
timeout might not be the same as the session timeout, so your code cannot
assume that a Session exists if and only if the user is authenticated.

That is exactly the problem I have, and that's why I tried to use the
authentication cookie alone.
Anyway, thanks for your answer!
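
Added example (not code posted by anyone in this thread): the value passed to SetAuthCookie comes back as the ticket name, which ASP.NET exposes through User.Identity and which FormsAuthentication.Decrypt can also recover from the cookie; the second method rebuilds session state from it because the two timeouts differ. The class, method and session-key names are hypothetical, and the code assumes the classic System.Web pipeline with forms authentication enabled.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example. CurrentUser, GetUserId, EnsureSession and the "CTC_ID"
// session key are hypothetical names, not from the thread.
public static class CurrentUser
{
    // Returns the value passed to SetAuthCookie, or null when the request
    // carries no valid, unexpired forms-authentication ticket.
    public static string GetUserId(HttpContext context)
    {
        // Normal path: FormsAuthenticationModule has already decrypted and
        // validated the cookie and exposes the ticket via User.Identity.
        FormsIdentity identity = context.User == null
            ? null : context.User.Identity as FormsIdentity;
        if (identity != null && identity.IsAuthenticated)
            return identity.Ticket.Name;

        // Manual path, for code that runs before authentication has
        // populated context.User.
        HttpCookie cookie =
            context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return null;
        try
        {
            FormsAuthenticationTicket ticket =
                FormsAuthentication.Decrypt(cookie.Value);
            return (ticket == null || ticket.Expired) ? null : ticket.Name;
        }
        catch (Exception) { return null; } // malformed or tampered: fail closed
    }

    // The session and the ticket expire independently, so rebuild the
    // per-user session entry from the ticket rather than trusting it to exist.
    public static string EnsureSession(HttpContext context)
    {
        string userId = GetUserId(context);
        if (context.Session == null) return userId;
        if (userId == null)
            context.Session.Remove("CTC_ID");
        else if ((context.Session["CTC_ID"] as string) != userId)
            context.Session["CTC_ID"] = userId;
        return userId;
    }
}
```

With the default cookie protection (encryption plus validation), the identifier read this way cannot be altered by the client, which a separate plain cookie holding the same value would not guarantee.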
 