Why FormsAuthentication.SetAuthCookie doesn't work in the IE

5.8k views Asked by At

I was using Form Authentication in my test. And also have some test user name .But found a weird problem for a specified name. That is all of test names except only one named amybeyond can works in the test.

Please help to review my code in my test.

LoginTest.aspx (This is a login form for user name and password input.)

public partial class LoginTest : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            //after succeed validating user. then redirect to LoginSuccess.aspx page. 
            bool bValidate=Membership.ValidateUser("amybeyond", "11111111");
            if (bValidate)
            {
                FormsAuthentication.SetAuthCookie("AmyBeyond", false);
                Response.Redirect("LoginSuccess.aspx");
            }

        }
    }

LoginSuccess.aspx (In this page, just simply test if current request is authenticated after redirecting.)

public partial class LoginSuccess : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            //the HttpContext.Current.Request.IsAuthenticated always false in the IE.
            if (HttpContext.Current.Request.IsAuthenticated)
            {
                Response.Write("ok, you login successfully.");
            }
        }
    }

I am sure the Membership.ValidateUser is successfully executed and return true. The problem is it can't know the authenticated status after successfully redirecting.

I didn't know if I miss something or did something wrong. If there is . Please help to tell me .thanks.

Added

I read the source code of FormsAuthentication.SetAuthCookie. and add the cookieless="UseCookies" in the Forms element of the Web.config. Hope to make sure the cookie is added to the Response(This is done by the source code HttpContext.Current.Response.Cookies.Add(cookie)). Still doesn't work.

public static void SetAuthCookie(string userName, bool createPersistentCookie, string strCookiePath)
{
    Initialize();
    HttpContext current = HttpContext.Current;
    if (!current.Request.IsSecureConnection && RequireSSL)
    {
        throw new HttpException(SR.GetString("Connection_not_secure_creating_secure_cookie"));
    }
    bool flag = CookielessHelperClass.UseCookieless(current, false, CookieMode);
    HttpCookie cookie = GetAuthCookie(userName, createPersistentCookie, flag ? "/" : strCookiePath, !flag);
    if (!flag)
    {
        HttpContext.Current.Response.Cookies.Add(cookie);
        current.CookielessHelper.SetCookieValue('F', null);
    }
    else
    {
        current.CookielessHelper.SetCookieValue('F', cookie.Value);
    }
}

Added

The http capturing detail shows below. in the LoginTest.aspx there is a cookie named FwLoginCookie , after redirect to LoginSuccess.aspx this cookie is lost. please help to review it .

enter image description here

enter image description here

enter image description here

1

There are 1 answers

6
Joe.wang On BEST ANSWER

Finally got why did this weird thing happen! It is because there is an another cookie named ACA_USER_READ_ANNOUNCEMENT sent to response. It is so large size (more than 5800bytes) that the browser (in my test it is IE) would ignore all the cookies include the Form authentication cookie(about 300bytes). But other browser like chrome/firefox is not the same behavior with IE when encounter this case (huge cookie size.).

If it is not right . Please kindly correct me . Thanks.