lotzaquestions
asked on
Why don't cookie values change after I log in or out?
When I open the cookie file, I see the following after first arriving at the site:
.ASPXANONYMOUS
ry90wcFvyQEkAAAAYTI2MjEyYT UtNjViNS00 YWFjLTgzNz AtYjU3Mjc2 MGYzM2Y2GC ZGkGYSnRI5 d5xGjrkNU3 dWIjw1
havanesenation.com/
9216
3243858944
29978561
3932914064
29964591
After I log in, the values are all identical. I know for a fact I'm logged in (using isauthenticated).
I'm currently using a second authentication system for the forum module, with separate un and pw subkeys, and I want to simplify to a single system. Hence, to gain a more complete understanding, I'm trying to understand what the default membership cookies look like when authenticated and when anonymous.
thanks
.ASPXANONYMOUS
ry90wcFvyQEkAAAAYTI2MjEyYT
havanesenation.com/
9216
3243858944
29978561
3932914064
29964591
After I log in, the values are all identical. I know for a fact I'm logged in (using isauthenticated).
I'm currently using a second authentication system for the forum module, with separate un and pw subkeys, and I want to simplify to a single system. Hence, to gain a more complete understanding, I'm trying to understand what the default membership cookies look like when authenticated and when anonymous.
thanks
ASKER
if I understand correctly, you're saying that the cookie contains an ID to get to additional data, such as login status, from the database. I checked the standard user-related tables in the database (eg. aspnet_Membership, aspnet_Users, etc) and don't see any indication of current login status in any table. Do you (or does anybody) know exactly where this data is maintained throughout the session?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, that answers the question. I checked the aspnet_Users table and there is a LastActivityDate field that updates when user logs in.
It is just a marker so the system know that you are you.
This is how most of them work.
When you login the server marks you as logged in - probably adds a record to the database with time stamp on it.
and gives you this random number as a cookie (and stores the same number on the database as well).
Your id marker is not updated or changed as you log in or out.
Next time you come back you are not identified as your session has expired.
Now it asks for cookie and your return that number. It looks that up in the database and knows that the only person with that id is you.