I think it has something to do with your IE configuration. Again, do a network trace to see if the cookie is being issued to the browser and if the browser is sending it back to the server.
That's the cookieless model with forms auth. For some reason it thinks IE isn't accepting cookies and puts the ID in the URL. I think I mentioned why this is dangerous, but here's my post on it:
Please see this picture, I would like to know why IE is inserting X(1) in the url also in the link of each menu, and it is changing / by %2f (see all red circles).
I said already -- the X() in the URL is the cookieless forms auth user ID value. Even if it were working, you should disable this feature because it's not secure. Go search MSDN for the docs on it to learn more.
%2f is the URL encoded version of the "/" character.
I said already -- the X() in the URL is the cookieless forms auth user ID value. Even if it were working, you should disable this feature because it's not secure. Go search MSDN for the docs on it to learn more.
%2f is the URL encoded version of the "/" character.
yes, you said it, but why does FF work fine ? and it doesn't have that behavior. it doesn't make any sense. See this pic
BrockAllen
All-Star
27526 Points
4903 Posts
MVP
Re: App losing the authenticated user session with IE8/9
Nov 09, 2012 11:08 PM|LINK
I think it has something to do with your IE configuration. Again, do a network trace to see if the cookie is being issued to the browser and if the browser is sending it back to the server.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
tonycompu
Member
2 Points
11 Posts
Re: App losing the authenticated user session with IE8/9
Nov 12, 2012 07:29 PM|LINK
you can see the network trace in the pics above.
I really need help with this
tonycompu
Member
2 Points
11 Posts
Re: App losing the authenticated user session with IE8/9
Nov 12, 2012 09:57 PM|LINK
when I use FF I can see this url:
http://192.168.1.10/SAAWebApp/Roles/CreateUserWizardWithRoles.aspx
but, when I use IE I can see this:
http://192.168.1.10/SAAWebApp/(X(1)F(9OcrW1KU4mDKRSNia5jvt0Azk0FHreN2T-x749wcnqkZ54SghxW7nv-ZeunV2uCcDOROjG3cdy5Kh2dXb76-IdXqy2StD5gsrdqQmHzgGLg1))/Roles/CreateUserWizardWithRoles.aspx
what's this ?
BrockAllen
All-Star
27526 Points
4903 Posts
MVP
Re: App losing the authenticated user session with IE8/9
Nov 12, 2012 11:02 PM|LINK
That's the cookieless model with forms auth. For some reason it thinks IE isn't accepting cookies and puts the ID in the URL. I think I mentioned why this is dangerous, but here's my post on it:
http://brockallen.com/2012/04/08/cookieless-session-considered-dangerous/
In short -- disable cookieless. Microsoft even suggests this.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
tonycompu
Member
2 Points
11 Posts
Re: App losing the authenticated user session with IE8/9
Nov 13, 2012 09:12 PM|LINK
Please see this picture, I would like to know why IE is inserting X(1) in the url also in the link of each menu, and it is changing / by %2f (see all red circles).
any clue?
BrockAllen
All-Star
27526 Points
4903 Posts
MVP
Re: App losing the authenticated user session with IE8/9
Nov 13, 2012 09:18 PM|LINK
I said already -- the X() in the URL is the cookieless forms auth user ID value. Even if it were working, you should disable this feature because it's not secure. Go search MSDN for the docs on it to learn more.
%2f is the URL encoded version of the "/" character.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
tonycompu
Member
2 Points
11 Posts
Re: App losing the authenticated user session with IE8/9
Nov 14, 2012 08:45 PM|LINK
yes, you said it, but why does FF work fine ? and it doesn't have that behavior. it doesn't make any sense. See this pic
BrockAllen
All-Star
27526 Points
4903 Posts
MVP
Re: App losing the authenticated user session with IE8/9
Nov 15, 2012 01:02 AM|LINK
Because it's dynamic. FF is accepting cookies whereas the others aren't.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/