Forms Authentication Problem

An ASP.Net site we created is having infrequent problems with logins using forms authentication. Essentially what happens is that the user attempts to log in and is successful, but then is redirected back to the login page immediately. So it looks like an infinite loop of logins. We have been able to deduce that the cookie is related to the problem. If the user deletes their cookies in IE the problem goes away. The problem is very intermittent, so it is very difficult to reproduce. It is not generating 500 errors or errors in the logs. From extensive Googling, the best I can come up with is the fact that we allowed the cookie to persist across sessions, and the problem is related to that. So I changed the createPersistentCookie parameter to false:

FormsAuthentication.SetAuthCookie(nResult.ToString, False)

Of course, solving the problem is only a wait-and-see in this case, since I can’t reproduce the problem directly. I thought our login code was pretty straightforward, letting ASP.Net do as much of the work as possible.


Imports System.Web.Security.FormsAuthentication
........
'txtEmail, txtPassword are textboxes on the form, lblMessage is a label control
Public Sub Login_Click(ByVal snd As System.Object, ByVal e As System.EventArgs) _
    Handles LoginButton.Click
    Dim NotRegistered As String = " is not a registered email address. " & _
                                  "Please use the Create A Profile link to register."
    Dim nResult As Integer
    If Page.IsValid Then
        Dim sPassword As String

        sPassword = HashPasswordForStoringInConfigFile(txtPassword.Text, "sha1")
        nResult = LoginResult(txtEmail.Text, sPassword) 'Validate against the database
        If nResult = -1 Then 'Not a registered user, display error message
            lblMessage.Text = txtEmail.Text & NotRegistered
        ElseIf nResult = -2 Then 'Bad password, set error message
            lblMessage.Text = "The password for " & txtEmail.Text & _
                              " is incorrect"
        ElseIf nResult > 0 Then 'Registered user, nResult is their ID number
            If Request.QueryString("ReturnUrl") <> "" Then 'Redirect to requested page
                RedirectFromLoginPage(nResult.ToString, False)
            Else 'Go to My Jobs by default
                SetAuthCookie(nResult.ToString, False)
                Response.Redirect("../MyJobs/My_Jobs.aspx")
            End If
        End If
    End If
End Sub
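
One way to see what state the cookie is in when a user lands back on the login page, as an added example that is not part of the original post. The module and function names are hypothetical, and it assumes the result is written to the application's own log from the login page's Page_Load.

```vb
Imports System
Imports System.Web
Imports System.Web.Security

' Added diagnostic sketch; AuthCookieDiagnostics and DescribeAuthCookie
' are hypothetical names, not part of the site's code.
Public Module AuthCookieDiagnostics

    ' Returns a one-line description of the forms-authentication cookie
    ' sent with this request. The cookie value itself is never returned,
    ' so the result is safe to write to a log.
    Public Function DescribeAuthCookie(ByVal request As HttpRequest) As String
        Dim cookie As HttpCookie = request.Cookies(FormsAuthentication.FormsCookieName)
        If cookie Is Nothing Then Return "no auth cookie sent"
        If String.IsNullOrEmpty(cookie.Value) Then Return "auth cookie sent but empty"

        Dim ticket As FormsAuthenticationTicket = Nothing
        Try
            ticket = FormsAuthentication.Decrypt(cookie.Value)
        Catch ex As Exception
            ' The cookie is present but this server cannot read it, for
            ' example because it was issued under a different machineKey.
            Return "auth cookie could not be decrypted: " & ex.GetType().Name
        End Try
        If ticket Is Nothing Then Return "auth cookie decrypted to no ticket"

        ' A readable ticket: report the fields that decide whether
        ' ASP.NET accepts it on the next request.
        Return String.Format( _
            "ticket for '{0}': issued {1:s}, expires {2:s}, expired={3}, " & _
            "persistent={4}, path={5}", _
            ticket.Name, ticket.IssueDate, ticket.Expiration, _
            ticket.Expired, ticket.IsPersistent, ticket.CookiePath)
    End Function

End Module
```

Logging this on every non-postback load of the login page shows whether the looping users arrive with no cookie, an unreadable one, or an expired persistent ticket.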
