Last post Sep 09, 2008 04:06 PM by desertfoxaz
Sep 09, 2008 10:20 AM|TBarton|LINK
I have a site that I'm creating that uses authentication against AD. Now the process is that the user logs in and the site authenticates with AD and then creates a authentication cookie.
The problem I have been having is that is the session is aborted incorrectly (Crashed) the cookie is not deleted and the user cannot log back in until the cookie is manually deleted. This is the first method I was able to get working but I'm wondering if
there is a better way so that the user is not left hanging if the browser or PC crash or they do not log off correctly.
Is it possible to just authenticate the user with AD without using cookies and use say a timed session variable or store a variable in the Db to check?
Any thoughts would be appreciated.
Sep 09, 2008 04:06 PM|desertfoxaz|LINK
Have you tried using a non-persistent cookie? It will get deleted when the browser closes because it's stored in memory and not the hard drive. You can do this by creating a cookie and not setting an expiration date.