Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


anonymous identification

Posted on 2007-08-06
Medium Priority
Last Modified: 2013-11-05

I have read this on msdn

"If anonymous identification is enabled, ASP.NET creates a unique identification for users the first time they visit your site. The unique user identification is stored in a cookie on the user's computer so that the user can be identified with each page request. The cookie's default expiration is set to approximately 70 days and is periodically renewed when a user visits the site. If the user's computer does not accept cookies, the user's identification can be maintained as part of the URL of the page request, although the identification will be lost when the user shuts down the browser."

I am trying to understand how this works. My best bet is that everytime a wepage is requested the webpage looks to see if the user is allowed to see the page. Providing the page has anonymous access, asp.net will look for an identification cookie for the user. If there is one, the sliding expiration value is changed. If there isn't, a new one is created.

My key point is that asp.net looks for this unique ID cookie on every page request. Is this correct?

Question by:andieje
LVL 51

Expert Comment

by:Ted Bouskill
ID: 19639762
Hmm, no that article is talking about each user having a unique session.  So when a users visits your site you can store data in the session that is unique to each user using the Session object.  Any page on the website (secure or not) will retain the same session object for a user.

The cookie is used to match the user with the correct session and there is only one session cookie for the entire web application, not per page.

Permissions is another set of functionality that will use the previous functionality but is essentially independent.

If you want to control access to the web application you need to look into "Forms Authentication"
LVL 25

Accepted Solution

DBAduck - Ben Miller earned 2000 total points
ID: 19639803
Anonymous authentication is used when you have an ASP.NET Application.

The MSDN article is right and your summary is in concept correct.  If the page is available to anonymous users, then it will check for the cookie each time a page is requested.  If the user closes the browser and opens a new session, the cookie can still be read even if the IP address changes on the client.  It is also true that if the user clears the cookies, then a new cookie will be generated.


Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the pain points with developing AJAX, JavaScript, JQuery, and other client-side behaviors is that JavaScript doesn’t allow for cross domain request for pulling content. For example, JavaScript code on www.johnchapman.name could not pull conte…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Screencast - Getting to Know the Pipeline
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses
Course of the Month11 days, 12 hours left to enroll

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question