Solved

Why don't cookie values change after I log in or out?

Posted on 2008-10-28
4
179 Views
Last Modified: 2012-05-05
When I open the cookie file, I see the following after first arriving at the site:
.ASPXANONYMOUS
ry90wcFvyQEkAAAAYTI2MjEyYTUtNjViNS00YWFjLTgzNzAtYjU3Mjc2MGYzM2Y2GCZGkGYSnRI5d5xGjrkNU3dWIjw1
havanesenation.com/
9216
3243858944
29978561
3932914064
29964591

After I log in, the values are all identical.  I know for a fact I'm logged in (using isauthenticated).  

I'm currently using a second authentication system for the forum module, with separate un and pw subkeys, and I want to simplify to a single system.  Hence, to gain a more complete understanding, I'm trying to understand what the default membership cookies look like when authenticated and when anonymous.

thanks
0
Comment
Question by:lotzaquestions
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 20

Expert Comment

by:edster9999
ID: 22825864
If it doesn't change then to cookie does not keep your status.  
It is just a marker so the system know that you are you.
This is how most of them work.
When you login the server marks you as logged in - probably adds a record to the database with time stamp on it.
and gives you this random number as a cookie (and stores the same number on the database as well).
Your id marker is not updated or changed as you log in or out.
Next time you come back you are not identified as your session has expired.
Now it asks for cookie and your return that number.  It looks that up in the database and knows that the only person with that id is you.
0
 

Author Comment

by:lotzaquestions
ID: 22827574
if I understand correctly, you're saying that the cookie contains an ID to get to additional data, such as login status, from the database.  I checked the standard user-related tables in the database (eg. aspnet_Membership, aspnet_Users, etc) and don't see any indication of current login status in any table.  Do you (or does anybody) know exactly where this data is maintained throughout the session?  
0
 
LVL 20

Accepted Solution

by:
edster9999 earned 50 total points
ID: 22831413
Yes that is the what they normally contain.  A look up value or pointer to your account.

Is there a list of login times or sessions ?  This would not have a value saying '1' for logged in - it could instead be based on the time.  If there is an value for your session in the last 15 minutes (example) you are consider logged in.
The server could show a list of logged in people by searching that database for session records < 15 mins
0
 

Author Comment

by:lotzaquestions
ID: 22831623
Thanks, that answers the question.  I checked the aspnet_Users table and there is a LastActivityDate field that updates when user logs in.  
0

Featured Post

Are You Using the Best Web Development Editor?

The worlds of web hosting and web development are constantly evolving. Every year we see design trends change, coding standards adapt and new frameworks/CMS created. With such a quick pace of change it’s easy to get lost trying to keep up.

See if your editor made the list.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

      Install BugTracker on Windows 2008 server Step 1:  Install windows 2008 server 32 bit OS and configure IIS. Step 2:  Install SQL server ( SQL server 2005 or SQL server 2005 Express edition. The installer for 2008  version isn’t very f…
What is Node.js? Node.js is a server side scripting language much like PHP or ASP but is used to implement the complete package of HTTP webserver and application framework. The difference is that Node.js’s execution engine is asynchronous and event…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question