Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

User session never ends in Mozilla

Posted on 2006-06-16
4
Medium Priority
?
265 Views
Last Modified: 2010-05-18
Hello,

I am using ASP.NET and the web.config file below.
My problem is that if I open a page protected with this authentication with Mozilla, the session never expires, so the user is always logged in. With IE this problem does not exist.

-->
    <authentication mode="Forms" />

      <!--  AUTHORIZATION
          This section sets the authorization policies of the application. You can allow or deny access
          to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
          (unauthenticated) users.
    -->

    <authorization>
        <deny users="?" /> <!-- Allow all users -->
            <!--  <allow     users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
                  <deny      users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
            -->
    </authorization>

    <!--  APPLICATION-LEVEL TRACE LOGGING
          Application-level tracing enables trace log output for every page within an application.
          Set trace enabled="true" to enable application trace logging.  If pageOutput="true", the
          trace information will be displayed at the bottom of each page.  Otherwise, you can view the
          application trace log by browsing the "trace.axd" page from your web application
          root.
    -->
    <trace
        enabled="false"
        requestLimit="10"
        pageOutput="false"
        traceMode="SortByTime"
            localOnly="true"
    />

    <!--  SESSION STATE SETTINGS
          By default ASP.NET uses cookies to identify which requests belong to a particular session.
          If cookies are not available, a session can be tracked by adding a session identifier to the URL.
          To disable cookies, set sessionState cookieless="true".
    -->
    <sessionState
            mode="InProc"
            stateConnectionString="tcpip=127.0.0.1:42424"
            sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
            cookieless="false"
            timeout="1"
    />

And the following code in ASP.NET when user authenticated:

FormsAuthentication.RedirectFromLoginPage(this.TB_username.Text,false);

Thanks,
Alex
0
Comment
Question by:Alex7777qq
  • 2
3 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16930306
are you using cokkies?
can you please post the HTTP Set-Cookie header send to the browser
0
 

Author Comment

by:Alex7777qq
ID: 17121519
What tools can I use to get the content of this header?
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 17122831
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like me and like multiple layers of protection, read on!
Spectre and Meltdown, how it affects me and my clients?
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question