Wrox Programmer Forums
|
BOOK: Beginning ASP.NET 3.5 : in C# and VB BOOK ISBN: 978-0-470-18759-3
This is the forum to discuss the Wrox book Beginning ASP.NET 3.5: In C# and VB by Imar Spaanjaars; ISBN: 9780470187593
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Beginning ASP.NET 3.5 : in C# and VB BOOK ISBN: 978-0-470-18759-3 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old April 7th, 2009, 07:46 AM
Registered User
 
Join Date: Apr 2009
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default Chapter 15 Role Management Question

Hey guys,

I got a question regarding the role management in ch15. On page 549's try it out section step 11, I tried to paste the management page url to the same explorer instance rather than do it on a new instance of explorer after logout but I was brought back to the management page without being required to login. Is the session spposed to be ceased immediatly when I logout? Why would I have to open a new explorer instance to bring me to the login page? A bit confused...
 
Old April 7th, 2009, 01:27 PM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

When you have multiple Explorer windows, they share cookies. So while you're logged out in one, the other may still have the authentication cookie. Since it's a *client* log out, the server doesn't know you logged out in the other window.

By closing the browser, you can be sure no cookies are left, and you'll need to reauthenticate.

Cheers,

Imar
__________________
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Follow me on Twitter

Author of Beginning ASP.NET 4.5 : in C# and VB, Beginning ASP.NET Web Pages with WebMatrix
and Beginning ASP.NET 4 : in C# and VB.
Did this post help you? Click the button below this post to show your appreciation!
 
Old April 8th, 2009, 02:02 AM
Registered User
 
Join Date: Apr 2009
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks for your Reply, Imar!

I haven't looked into the way membership service implements logout function, but I guess session state is cleared up as soon as the logout button is clicked. I guess even if users cookies are used to store user information, logout is enough to expire the cookies on my computer, and any other explorers will lose the authentication too when sending a new request. I think closing a window is to cease a session rather than clear up cookies and persistent cookies are supposed to be cleared up by logout function.
Please correct me if I'm wrong.

Following your example on P548 step 10, Without checking the "Remember me" option, I suppose user state is kept by session state rather than cookies. In this scenario, when I logout, my session state is supposed to be ceased immediantly. However, when I paste the management url to the same browser without closeing it after logout, I can still access the management page.

Could you explain why that happens?

Thanks again for your time to solve my doubt!
 
Old April 8th, 2009, 04:26 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Hi there,

Sessions are not used in the site, so they are not involved here. Besides, they rely on cookies as well so the same rules with regards to expiration apply.

When you click the Logout link in step 11, then don't close the browser and paste the Management URL in the browser again, you *think* you can still access the page. However, as soon as you refresh the page using Ctrl+F5 you get the Login screen again. You are really logged out from the site's / browser's perspective, but the browser serves you a cached copy.

Instead of telling you to close the browser, I could have instructed you to refresh the page. However, in order to avoid confusion, and let you focus on the mechanics of logging in, I chose to let you close the browser.

For the record: forms authentication data is by default stored in cookies, and so are the roles.

Hope this clarifies things.

Cheers,

Imar
__________________
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Follow me on Twitter

Author of Beginning ASP.NET 4.5 : in C# and VB, Beginning ASP.NET Web Pages with WebMatrix
and Beginning ASP.NET 4 : in C# and VB.
Did this post help you? Click the button below this post to show your appreciation!
 
Old April 9th, 2009, 12:07 AM
Registered User
 
Join Date: Apr 2009
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Imar,

Thanks for the clarification!

Regarding the authentication cookies, I noticed that the first time I login(Without ''Remember me''), the server allocates me a ".ASPXAUTH" cookie which I figure is the non-persistent "authentication cookie" you mentioned. Strangely enough, this cookie is not sent to the server when a new request a sent on a new opened explorer after login.

Does this imply that the "authentication cookie" is not shared by different explorer instance and it's session-specific?

Wow..I found myself spending too much time trying to figure out how the membership is implemented. I will probably need to move on to finish this book first!

Great book btw!!!

Will
 
Old April 9th, 2009, 02:17 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

It depends on the browser. Most browsers share cookies between tabs, but not between real instances of the browser.

You could install something like Fiddler and see what traffic is sent to the brwoser exactly.

Cheers,

Imar
__________________
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Follow me on Twitter

Author of Beginning ASP.NET 4.5 : in C# and VB, Beginning ASP.NET Web Pages with WebMatrix
and Beginning ASP.NET 4 : in C# and VB.
Did this post help you? Click the button below this post to show your appreciation!





Similar Threads
Thread Thread Starter Forum Replies Last Post
Membership and Role Management Challange Prolifik4life ASP.NET 2.0 Professional 1 March 4th, 2009 08:18 AM
Chapter 15 FooReader.Net Question maxint40 BOOK: Professional Ajax 2nd Edition ISBN: 978-0-470-10949-6 5 April 13th, 2007 09:14 AM
Membership and Role Management frosty ASP.NET 2.0 Basics 1 July 18th, 2006 12:46 AM
Need Help With Membership & Role Management Carl Grainger ASP.NET 2.0 Basics 2 January 13th, 2006 12:50 AM
Chapter 15 - functions.php question buzzuh BOOK: Beginning PHP, Apache, MySQL Web Development ISBN: 978-0-7645-5744-6 1 September 7th, 2004 08:31 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.