Reputation: 542
We developed an MVC 4 Web application with form cookie authorization. Is it a good approach to use session variables and an authentication cookie together? Thank you.
I would like to know if some synchronization between the cookie and session timeout is possible. Based on my research, it's problematic due to their different lifecycles.
Upvotes: 1
Views: 92
Reputation: 542
Ok, this is my answer. After some research and code testing, the best solution is to always read information from the auth cookie. Using Session and cookie auth at the same time is hard to control due to their different lifecycles. If we have, for example, a valid auth cookie and a timed-out session, in the next request we will have a renewed session without any user info.
Upvotes: 0
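The approach described in the answer above, as an added example that is not part of the original post: the per-user data is stored in the forms-authentication ticket and read back from it on each request, so a timed-out session cannot leave a signed-in user without their info. The `AuthCookie` class, its method names and the `userData` string are assumptions for illustration.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper (class and method names are assumptions for this example).
public static class AuthCookie
{
    // Issue the forms-auth cookie with the per-user data embedded in the ticket,
    // so nothing about the user has to live in Session.
    public static void SignIn(HttpResponseBase response, string userName,
                              string userData, bool persistent)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1,                                    // ticket version
            userName,
            now,
            now.Add(FormsAuthentication.Timeout), // same lifetime as <forms timeout>
            persistent,
            userData ?? string.Empty,             // keep small: sent with every request
            FormsAuthentication.FormsCookiePath);

        // Encrypt() protects the ticket according to the <forms protection> setting.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // follows <forms requireSSL>
            Path = FormsAuthentication.FormsCookiePath
        };
        if (persistent)
            cookie.Expires = ticket.Expiration;
        response.Cookies.Add(cookie);
    }

    // Read the data back from the ticket that FormsAuthenticationModule already
    // decrypted and validated for this request. Returns null for anonymous requests.
    public static string ReadUserData(HttpContextBase context)
    {
        var identity = context.User != null
            ? context.User.Identity as FormsIdentity
            : null;
        if (identity == null || !identity.IsAuthenticated)
            return null;
        return identity.Ticket.UserData;
    }
}
```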
Reputation: 17540
.NET 4.5 has incorporated the Windows Identity Foundation (WIF) as a core part of the framework and has made claims-based security an integral part of it. With claims-based security it is easy to add custom information to the identity of the user as a new claim. Dominick Baier has a great training course on this in PluralSight called Introduction to Identity and Access Control in .NET 4.5. You can sign up for a free trial to check this course out. You can also get good information on security in .NET on Dominick Baier's Blog.
Upvotes: 1