I am getting 403 when a user accidentally closes their browser without logging out and tries again to open the url.
When they check back, website throws 403. To temporarily resolve the issue I clean out all the cookies and the access is back on.
Error: 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.
Details to troubleshoot: Web.Config file
<forms loginUrl="index.aspx"
protection="All" path="/"
timeout="300"
name="AppNameCookie"
slidingExpiration="true"
defaultUrl="index.aspx"
cookieless="UseCookies"
enableCrossAppRedirects="false"
requireSSL="false"/>
Code to authenticate users
' Create the cookie that contains the forms authentication ticket
Dim authCookie As HttpCookie = FormsAuthentication.GetAuthCookie(sUserName, False)
'HttpOnly cookie means it is not accessible by the client through ECMAScript.
authCookie.HttpOnly = True
authCookie.Expires = Now.AddMinutes(300)
' Get the FormsAuthenticationTicket out of the encrypted cookie
Dim ticket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(authCookie.Value)
' Create a new FormsAuthenticationTicket that includes our custom User Data
Dim newTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration, ticket.IsPersistent, userDataString)
' Update the authCookie's Value to use the encrypted version of newTicket
authCookie.Value = FormsAuthentication.Encrypt(newTicket)
' Manually add the authCookie to the Cookies collection
Response.Cookies.Add(authCookie)
' Determine redirect URL and send user there
I think there is an issue with the cookies but I am unable to figure the root cause for this issue.
UPDATE: I found how to duplicate this issue
Login as a user and close the browser without logging out. Try to open the home page and it throws error.
