|
-
Aug 18th, 2004, 05:08 AM
#1
Thread Starter
Fanatic Member
Forms Authentication
I have been reading up on Forms Authentication and get the impression that to use this form of authentication the user must have cookies enabled.
Is this correct and if so what exactly does it use the cookies for ?
-
Aug 18th, 2004, 06:39 AM
#2
I wonder how many charact
Forms can work cookieless as well...
But if you enabled cookies, it will store a cookie for that browser session on the client machine.
For my project, our users could be using public terminals, so we chose cookieless with Forms authentication, and the session ID is then passed along in the Url.
-
Aug 18th, 2004, 09:14 AM
#3
Thread Starter
Fanatic Member
Isn't passing it in the URL a bit of a security risk ?
-
Aug 18th, 2004, 11:39 AM
#4
I wonder how many charact
It sounds like it would be.... but really what risk is it to know what your own session id is?
If you don't have the authentication cookie(even in cookieless, that cookie is still passed with the response/request headers, just not stored) then the session id is useless...
For other authentication methods, you could easily look in your cookies stored on a machine to know the sessionid as well...
If your allowing users to access your web application that aren't part of your Windows network, your pretty much stuck with Forms authentication.
Last edited by nemaroller; Aug 18th, 2004 at 12:04 PM.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote