Loading ...

FormsAuthentication Cookie Issue in IE8 | CodeAsp.Net

FormsAuthentication Cookie Issue in IE8

0 (0votes)

In one of our products, Communifire, we were dealing with a rather "silly" issue related to persistence of cookies in IE 8. We had created a new easy to implement Single Sign On (SSO) feature which lets users share authentication across parent domain and sub-domain (assuming CF is running on a sub-domain whereas users login via the parent website hosted on the TLD).

We were creating a new cookie when user logs in via parent domain and then CF would pick that cookie up and auto-login the user using FormsAuthentication. And once the user clicks logout in CF, then the forms authentication cookie (for CF) was deleted, and the user could view CF as a guest user. The setup was working perfectly fine in Firefox, Safari and Chrome, but in IE 8 the logout was failing. Even after clicking logout multiple times, the forms authentication cookie just didnt expire (though the code the expire the cookie would run but Fiddler showed that the cookie still exists).

The problem was related to the way IE8 handles ASP.NET forms authentication cookie, it needed the domain attribute of the cookie to be set in web.config. So once we had set the domain attribute, it worked perfectly fine without any issues.

Comments (no comments yet)

Top Posts