{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 三岁会撩人 的问题《Why isn't .ASPAUX cookie being validated by Fo》','https://www.manongdao.com/q-607379.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have a site that uses FormsAuthentication and yes, the name of the cookie is .ASPAUX :)
I can log in perfectly. The server creates a forms authentication ticket, packs it in a cookie, properly determines the expiration time (1 year ahead) and sends it to the client.
For some reason, after some time, even though the cookie is there yet (I can see it with FireCookies) HttpContext.Current.Request.IsAuthenticated becomes false at the server. It's as if the cookie couldn't be validated.
The problem is: Why would that happen? How can I debug why the cookie suddenly becomes invalid without expiring?
EDIT
Here's the login method:
public static bool Login(int id)
{
try
{
string securityToken = UserHelper.AuthenticateUser(id);
DateTime expiryDate = DateTime.Now.AddYears(1);
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, id.ToString(), DateTime.Now, expiryDate, true,
securityToken, FormsAuthentication.FormsCookiePath);
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
cookie.Expires = expiryDate;
HttpContext.Current.Response.Cookies.Add(cookie);
return true;
}
catch
{
return false;
}
}
And the web.config:
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" timeout="2880" slidingExpiration="true"/>
</authentication>
A few things I can think of to check:
Do you have multiple domains (including
www.domain.comvsdomain.com)?If so, either set the domain in the cookie as
domain.comor ensure you always use the same domainAre you using HTTPS?
If so, make sure you're always accessing the cookie via HTTPS or making sure that
Secureis set to false on theHttpCookie(otherwise it's only accessible on HTTPS requests)Are you writing the cookie from a virtual directory?
If so, the "path" on the cookie might be set and it won't be accessible from outside the path.
Do you have multiple web servers?
If so, make sure your machine key is set to the same value (though that should be throwing an exception)
Set static machine keys in your web.config to make sure that the encryption key used in generating your ticket survives an application pool being recycled (or your website being restarted in the ASP.NET web server)?
Also see the Forms Authentication Tickets section of this MSDN library article