
forms authentication cookie replacement

I have a problem with users being kicked out after the forms authentication ticket is renewed and the old one has expired. The first ticket I get when I signed in is:

Ticket: A094D6F0401A5B6D97688198B09F17B03D209............ Ends: Thu, 28 Mar 2013 08:56:33 GMT

And after some time the ticket is renewed and I get this cookie (the cookie expires when the ticket expires, so no problem there):

Ticket: 215373E662852AD0CC540AC27F547787............. Ends: Thu, 28 Mar 2013 08:58:17 GMT

This ticket is renewed by a JavaScript reloader in the background for the user. Now, if I update the page, I will be kicked out. Why? When I renew the ticket I use this:

        var Id = (FormsIdentity)HttpContext.Current.User.Identity;
        var Ticket = Id.Ticket;

        var NewAuthTicket = FormsAuthentication.RenewTicketIfOld(Ticket);

        HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(new FormsIdentity(NewAuthTicket), new[] {""});

        if (NewAuthTicket != null && NewAuthTicket.Expiration > Ticket.Expiration)
        {
            // Create the (encrypted) cookie.
            var ObjCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                           FormsAuthentication.Encrypt(NewAuthTicket))
                                {
                                    HttpOnly = true,
                                    Expires = NewAuthTicket.Expiration,
                                    Secure = FormsAuthentication.RequireSSL
                                };
            // Add the cookie to the list for outbound response.
            HttpContext.Current.Response.Cookies.Add(ObjCookie);
            Ticket = NewAuthTicket;
        }

Is there any solution for this?

UPDATE:

When I set the cookie for the first time I use this:

        var ExpiryDate = !rememberMe ? DateTime.Now.AddMinutes(cookieTimeoutHour) : DateTime.Now.AddYears(1);

        //create a new forms auth ticket
        var Ticket = new FormsAuthenticationTicket(2, ui.UserNr.ToString(CultureInfo.InvariantCulture), DateTime.Now, ExpiryDate, true, String.Empty);
        //encrypt the ticket
        var EncryptedTicket = FormsAuthentication.Encrypt(Ticket);
        //create a new authentication cookie - and set its expiration date
        var AuthenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName, EncryptedTicket)
                                       {
                                           Expires = Ticket.Expiration,
                                           HttpOnly = true,
                                           Secure = FormsAuthentication.RequireSSL
                                       };

        Current.Response.Cookies.Add(AuthenticationCookie);

Why go to all that effort when a simple keep-alive on the client page will keep the forms authentication cookie alive?

jQuery example:

    $(function() {
        window.setInterval(keepalive, 600000); // run keepalive every 10 mins
    });

    function keepalive()
    {
        $.get({url:'/myemptykeepalivepage.aspx',cache:false});
    }

When the client closes the browser, the interval function is cancelled and voila, the forms auth ticket will expire naturally.
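Added example (not part of the original question or answer): a small simulation of how a periodic keep-alive interacts with sliding expiration, using the documented rule that `FormsAuthentication.RenewTicketIfOld` reissues a ticket only after at least half of its lifetime has passed. It assumes sliding expiration is enabled; the 30-minute timeout, the function names and all timings are constructed for illustration.

```javascript
// Model of the sliding-expiration rule: a ticket is reissued only once
// its age is at least its remaining lifetime (i.e. past the halfway point).
// All times are minutes since sign-in; every value here is constructed.
function renewIfOld(ticket, now) {
  const age = now - ticket.issued;
  const remaining = ticket.expires - now;
  if (remaining > age) return ticket;               // first half: ticket unchanged
  const lifetime = ticket.expires - ticket.issued;
  return { issued: now, expires: now + lifetime };  // same lifetime, restarted now
}

// Replays keep-alive requests every `intervalMin` minutes until the browser
// is closed at `browserClosedAt`, and reports when the session really ends.
function simulateKeepAlive(timeoutMin, intervalMin, browserClosedAt) {
  let ticket = { issued: 0, expires: timeoutMin };
  const renewals = [];
  for (let now = intervalMin; now <= browserClosedAt; now += intervalMin) {
    if (now >= ticket.expires) {
      // The request arrives with an expired ticket, so it is anonymous.
      return { renewals, sessionEnds: ticket.expires, loggedOutWhileOpen: true };
    }
    const next = renewIfOld(ticket, now);
    if (next !== ticket) renewals.push(now);
    ticket = next;
  }
  // Browser closed: no more requests, the last ticket simply runs out.
  return { renewals, sessionEnds: ticket.expires, loggedOutWhileOpen: false };
}

// 30-minute ticket, 10-minute keep-alive (the interval used in the answer),
// browser left open for 60 minutes.
const ok = simulateKeepAlive(30, 10, 60);
// Keep-alive slower than the ticket lifetime: the first ping is already too late.
const tooSlow = simulateKeepAlive(30, 45, 120);
console.log(ok, tooSlow);
```

Not every keep-alive request produces a new cookie: in the first run only every second ping does, and the session ends one full timeout after the last renewal once the browser is closed.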
