knightmare0
Sep 2nd, 2004, 08:32 AM
I am using windows forms authentication for my web application. The session information remains intact when the user browses through the folder under the login.aspx file. But For some reason when the user moves up a folder level from the main login folder, the session variables are simply reset. I have also set session timeout to 30min. Below is the folder hierarchy for my webapp:
webapp(virtual root)
-services(folder)
-index.aspx
-file.aspx
-account(folder)
-index.aspx
-file2.aspx
-index.aspx
-login.aspx
So when i go to index.aspx under the webapp folder all the sesion information is lost. Is it because of the web.config setting.
My web.config:
<authentication mode="Forms">
<forms name=".COOKIEDEMO" loginUrl="login.aspx" protection="All" timeout="30" path="/" />
<!-- AUTHORIZATION
This section sets the authorization policies of the application. You can allow or deny access
to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
(unauthenticated) users.
-->
</authentication>
<authorization>
<deny users="?" />
<!-- Allow all users<allow users="*" /> -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>
I know that I am making a very simple mistake somewhere. But how do i setup windows forms authentication such that the user can move around the website without losing any session information even if the aspx files/folders are not under the ones defined in the web.config. Any help is appreciated.
webapp(virtual root)
-services(folder)
-index.aspx
-file.aspx
-account(folder)
-index.aspx
-file2.aspx
-index.aspx
-login.aspx
So when i go to index.aspx under the webapp folder all the sesion information is lost. Is it because of the web.config setting.
My web.config:
<authentication mode="Forms">
<forms name=".COOKIEDEMO" loginUrl="login.aspx" protection="All" timeout="30" path="/" />
<!-- AUTHORIZATION
This section sets the authorization policies of the application. You can allow or deny access
to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
(unauthenticated) users.
-->
</authentication>
<authorization>
<deny users="?" />
<!-- Allow all users<allow users="*" /> -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>
I know that I am making a very simple mistake somewhere. But how do i setup windows forms authentication such that the user can move around the website without losing any session information even if the aspx files/folders are not under the ones defined in the web.config. Any help is appreciated.