Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Testing cookie success

Status
Not open for further replies.
Craftor

Craftor

Programmer
Feb 1, 2001
420
NZ
Hi everyone

I'm sure this will sound like a pretty silly question to all of you who are old hands at web development. I have a 'default.aspx' page and a 'login.aspx' page. The idea is that when a user opens default.aspx, if they are not logged in, they will be redirected to login.aspx - where they will have to enter a valid user name and password (checked against a database).

Once successfully logged in, a FormsAuthenticationTicket is created - with an expiry time of 60 minutes, and they are redirected to the default.aspx page via the RedirectFromLoginPage method.

My code works fine - but how do I test that the cookie actually works? If a user has logged in in the past hour, I want them to be able to access the default.aspx page without having to log in again. When I run the project, it is sending me automatically to the login.aspx page - but is this just because its a new session? I'm not all that familiar with sessions etc. [cry]

If anyone could shed a bit of light on this for me, please?

Thanks as always

Craftor
:cool:
 
Sort by date Sort by votes
Can I just try and clarify your question so I don't give you a stupid answer? From my understanding you are logging a user then writting a cookie out that flags him as logged in. The cookie expires in 60 minutes.
When the user comes to the page (whatever page it is) the code checks for the cookie. If it is found you load the page, if not you redirect to the login page.
What you are saying is that you always go to the login page?
If this is the case, can you post your code where you create the cookie and conditions that the cookie creation is dependant on.
 
Upvote 0 Downvote
Chopsaki - basically what happens is (as far as I can tell) - the cookie is created once the user logs in with the correct user name and password - I don't get any errors in the 'cookie' code so I'm assuming it's created correctly. Whenever I restart my project, I ALWAYS go to the logon page - no matter if I logged in correctly or not. And, no, the logon page isn't set as the start page ;-)

From what I've read, I think this is because a new session is started every time I start a new project? If that is the case, how do I test that the cookie is actually checking that the user is logged in for every page that is visited?

What should happen is that if the user has logged in in the last hour, they can access any page. If the session is still open after an hour, the cookie should be renewed. If not, they will have to log in again.

This is the code in my logon page if the username and password are entered correctly:

Session["IsLoggedIn"] = "yes";

//create the FormsAuthenticationTicket
tktLogin = new FormsAuthenticationTicket(1, LoginName, DateTime.Now, DateTime.Now.AddMinutes(60), true, LoginName, FormsAuthentication.FormsCookiePath);

//hash the cookie for transport
cookiestr = FormsAuthentication.Encrypt(tktLogin);
hcookie = new HttpCookie (FormsAuthentication.FormsCookieName, cookiestr);
ts = new TimeSpan(0,1,0,0,0);
hcookie.Expires = DateTime.Now.Add(ts);
Response.Cookies.Add(hcookie);

//redirect the user to the default page
strRedirect = Request["ReturnUrl"];

and I've got the following code in my global.asax.cs file:

protected void Application_AuthenticateRequest(Object sender, EventArgs e) {
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity) {
FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;

// Get the stored user-data
string userData = ticket.UserData;
string[] loginname = userData.Split(',');
HttpContext.Current.User = new GenericPrincipal(id, loginname);
string[] loginname = userData.Split(',');
HttpContext.Current.User = new GenericPrincipal(id, loginname);
}
}
}

}

If anything is a bit unclear, let me know.

Thanks ;-)
 
Upvote 0 Downvote
Can you just do a

if not Request.Cookies(&quot;YerCookieName&quot;) is nothing then Response.write(&quot;<!--&quot; & _
Request.Cookies(&quot;YerCookieName&quot;).Value & _
&quot;-->&quot;)
end if

and print it out on the page? This will give us a start. I am on a linux box right now (no dotnet). The session has no bearing on cookies (appart from session cookies obviously)

I will look in the morning again at this when I have VS infront of me. I have to get some rest. Sorry I cannot be much help right now. foo
 
Upvote 0 Downvote
Thanx Chopsaki I'll give it a go and get back to you.

Much appreciated!
 
Upvote 0 Downvote
Okie it definitely writes out the name (loggedin) and the value (an ENORMOUSLY long string of characters and numbers) so its obvious that something is happening there ...
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

AhmedAzizBarbary
  • Locked
  • Question
How to read data response body after success login razor page ?
Replies
0
Views
758
AhmedAzizBarbary
AhmedAzizBarbary
stinkybee
  • Locked
  • Question
Can't login to my admin section after clearing cookies
Replies
3
Views
129
jbenson001
jbenson001
cdfly
  • Locked
  • Question
Cookie domain
Replies
2
Views
45
cdfly
cdfly
dinger2121
  • Locked
  • Question
Unit testing Custom htmlhelpers
Replies
1
Views
62
jmeckley
jmeckley
d2007
  • Locked
  • Question
cookie in asp.net site
Replies
3
Views
64
jbenson001
jbenson001

Part and Inventory Search

Sponsor

Back
Top