.NET Forms Authentication / Session cookies

  • Thread starter Thread starter anony
  • Start date Start date
A

anony

Hi,

I have a site that uses forms authentication to secure the directory. The
site behaves as expected when viewed externally... if I close the browser
and attempt to access it again, I get prompted to login. However, locally
here on the network, if I close the browser and open a new one and access
the site again, I don't have to login. Can anyone shed some light as to
what's going on?

Thanks,
Brian
 
Are you sure that the permissions are the same in both cases.?
It sounds like one may be saving the cookie to disk and the other cannot so
it exists only for lifetime of the browser.
A
 
Well, it's the same code in both cases.... just behaving differently when
viewed internally and externally. I'm not using persistent cookies... just
forms authentication using session cookies.

Thanks.
 
If you are not using persistent cookies then it seems that integrated
security is authenticating you somehow.
You could test this with a non-IE browser.
A
 
It could be browser settings. Like your cookies are automatically deleted
when you close the browser on the external machine where they are not on
your LAN machine.
 
I'm just using session cookies, not persistent. But I think I've figured
out the behavior. My original post was misleading because the behavior is
the same from the outside as it is on the inside (sorry about that!). The
page that is otherwise protected by forms authentication gets stored in the
temporary internet files folder and that is the page that is actually being
loaded when revisiting the live site (even after refreshing?). If I delete
the file and refresh my page, then forms authentication kicks in as expected
and makes them login. Now I've been playing with http/asp cache methods...

Thanks,
Brian
 
Back
Top