Web Security in IE VS Chrome & Firefox (bug)

后端 未结 3 1930
情深已故
情深已故 2021-01-11 10:21

Why is the Web Security is working differently on different browser:

Details:

I have two applications

One is a simple <

3条回答
  •  有刺的猬
    2021-01-11 10:42

    There are 3 things around it:

    WebSecurity.IsAuthenticated actually returns the value of HttpRequest.IsAuthenticated, which is true if the Forms Authentication cookie has been set and is current. It's not available until the user makes the next request after successfully logging in, which is why you are seeing the behaviour that you describe.

    I remember reading on MSDN or someplace, the WebSecurity.IsAuthenticated does not work until the page is fully loaded. Meaning if you login a user in a page and in the same flow of code you check IsAuthenticated, it will NOT return True. For IsAuthenticated to be True the page has to be reloaded or use the better practice; which is to redirect the user to another secured page as soon as the login is successful and in that page check IsAuthenticated.

    We had the same issue with Chrome (version 21.0.1180). Despite that we see expiration date on Header, some Chrome in Windows XP ignored it. Then we removed the Expiration Date and Chrome accepted keep the session cookie without problems.

    So what to do is: After login try to check this on new page not on same page.

    Also try to set cookie explicitly

    System.Web.Security.FormsAuthentication.SetAuthCookie(user.Username, false);
    

提交回复
热议问题