I have a url like http://www.foo.com/NewPage.aspx?pageid=10. However to some users this gets displayed as http://://www.foo.com/NewPage.aspx?pageid=10&
Now i read that the AspxAutoDetectCookieSupport=1 gets appended as in my web.config since I have my web.config as <sessionState cookieless="AutoDetect"/> whereas it should be <sessionState cookieless="UseCookies"/>
What I wanted to know is that is there an issue doing this change.
Try <sessionState mode="InProc" cookieless="false" timeout="20" />
for ref remove AspxAutoDetectCookieSupport
or use this in web config,
<authentication mode="Forms">
<forms cookieless="UseCookies"/>
</authentication>
Browsing through this issue i found in one article
You could change your setting from
cookieless="AutoDetect" to
cookieless="UseCookies". This will get
rid of it, but users without cookies
won't be able to pass session objects
around. Depending on how you are using
sessions, this may or may not matter.
You could also write a routine that
sniffs search robots and rewrite the
Url, or write .browser files for the
search engines you are concerned
about.
For ref: Remove cookie support
Related
This ASPX app I'm working on keeps logging me out mid-session. I tried changing this:
<sessionState mode="InProc" timeout="24" />
To
<sessionState mode="InProc" cookieless="true" timeout="1440" />
But it still times out every couple of minutes (sometimes sooner). I've never programed in ASPX before and I'm just making basic layout changes (removing three nested tables, etc.), but it's horrible how many times I have to log in to do even the simplest things.
Any clue what else might be timing me out if not the session state? I didn't write any of this...
The InProc and the session is not keep the logging authentication. This authentication is done using some other cookie that if you loose it you logged out.
There are two points to look - if you move from http to https and if you move from www. to non www. pages.
To solve that go to your web.config and check if you have setup that properties correctly (especial the domain).
<authentication mode="Forms">
<forms timeout="50" path="/" requireSSL="true" cookieless="UseCookies" domain="domain.com" />
</authentication>
Also check on roleManager and on httpCookies that you have setup the domain.
When running locally, my site runs fine. However when on the live site, after around 10 seconds of inactivity I keep getting logged out.
My web config line for authentication looks like the following:
<forms name="RaiseFLAuthentication" loginUrl="home.aspx" cookieless="UseCookies" defaultUrl="/myPredictions.aspx" timeout="240" slidingExpiration="false"/>
I have also tried putting <sessionState timeout="30"></sessionState>but this hasn't worked either.
A second issue I am having is that although i have set the defaulturl to myPredictions.aspx, when I go to the url www.website.co.uk and log in, it does not redirect here, it stays as default url. Although again, running locally I have no problem.
Can anyone suggest why either of these things are happening and how to fix this?
Here are my answers to your questions:
1) This one is a bit tricky because you mentioned it's working fine locally but try this (assuming you are using InProc session mode):
<sessionState mode="InProc" cookieless="true" timeout="30" />
2) It seem like you are missing the tilde (~) in your defaultUrl attribute.
<forms name="RaiseFLAuthentication" loginUrl="home.aspx" cookieless="UseCookies" defaultUrl="~/myPredictions.aspx" timeout="240" slidingExpiration="false" />
The time out is controlled by the sessionState element, the default is 20 minutes if a timeout is not specified, so if all you get is 10 seconds I would look elsewhere in your code for the cause of the problem.
With regard to your re-direct issue. This has already been answered here.
I am debugging my project at my local machine. I am storing information in two default cookies .ASPXAUTH and .ASPXANONYMOUS. However, I realise they are deleted everytime when I stop debugging. So SQL server can never match up the previous profile settings.
I read this link it says these cookies are only working when you get a real IP address.I do not have a .net+SQL server that I can use for upload testing. Question is, can I preserve the cookies or somehow make it work in my local machine? Thanks
<authentication mode="Forms">
<forms name=".ASPXAUTH" defaultUrl="~/Home/Index" loginUrl="~/Account/LogOn"
protection="All" cookieless="AutoDetect" slidingExpiration="true" timeout="8760" />
</authentication>
<anonymousIdentification cookieName=".ASPXANONYMOUS" cookieProtection="All" cookieless="AutoDetect"
enabled="true" cookieSlidingExpiration="true" cookieTimeout="8760" />
EDIT: To get an idea of the problem please see this pic below.
Instead of just keep using first row as UserId, the .NET membership keeps creating new entry everytime when I stop/start a new debugging. Reason is the old cookies in last session was deleted as soon as debugging was stopped.
Have you tried to verify if the delete browsing history is not checked fro your internet options. If that`s checked, it might be deleting the cookies.
I have floder in wwwroot that contain all the pages for a website.
the problem is that session and cookies are not save between the pages, although that the session is recognized, but always empty!
What do I have to do in order to enable session and cookies between the pages?
I tried adding this line to web.config
<authentication mode="Forms">
<forms cookieless="AutoDetect" domain="" timeout="10" protection="All" />
</authentication>
And I turn the folder to an Application throw the IIS manager tools.
but nothing :(
the IIS version is 7
Thanks for any help
Have you checked that session state is enabled in IIS7?
http://technet.microsoft.com/en-us/library/cc725624%28WS.10%29.aspx
You also need to ensure that you have the session state config setting setup in your web.config in your application.
Here's an example of mine
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20" />
You should check out
http://msdn.microsoft.com/en-us/library/ms178586.aspx
Edit: updated the above link, the previous one was defunct.
I'm working on a web application that is using Forms authentication.
<authentication mode="Forms">
<forms slidingExpiration="true"
loginUrl="~/User.aspx/LogOn"
timeout="15"
name="authToken" />
</authentication>
I'm seeing this cookie set in my browser when I log in:
The question is what happens when I put this website in a load balanced model? Where is the ASP.net session cookie being set? I didn't explicitly do it in code, so I assume it's happening behind the scenes somewhere in ASP.Net.
Also, If the session cookie is set by web server A, I assume web server B won't recognize it and treat it as an invalid session. If this is the case, I probably don't want to use it, right?
You'll have to set the machine key to be the same and the name to be the same on both machines...if this is done you should have no problems load balancing with forms auth.
<authentication mode="Forms">
<forms loginUrl="~/Login/Index" defaultUrl="~/"
name=".myportal"
protection="All" slidingExpiration="true" timeout="20" path="/"
requireSSL="false"></forms>
</authentication>
<machineKey validationKey="534766AC57A2A2F6A71E6F0757A6DFF55526F7D30A467A5CDE102D0B50E0B58D613C12E27E7E778D137058E" decryptionKey="7059303602C4B0B3459A20F9CB631" decryption="Auto" validation="SHA1"/>
Sessions can get slightly more complicated. You can store the ASP.Net session state in the database or use a shared session provider to make it available for load balancing as well.
Here is a good article on storing session state in the DB: http://idunno.org/articles/277.aspx