{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 做自己的国王 的问题《Getting 403: Forbidden: Access is Denied when user》','https://www.manongdao.com/q-893535.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am getting 403 when a user accidentally closes their browser without logging out and tries again to open the url.
When they check back, website throws 403. To temporarily resolve the issue I clean out all the cookies and the access is back on.
Error: 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.
Details to troubleshoot: Web.Config file
<forms loginUrl="index.aspx"
protection="All" path="/"
timeout="300"
name="AppNameCookie"
slidingExpiration="true"
defaultUrl="index.aspx"
cookieless="UseCookies"
enableCrossAppRedirects="false"
requireSSL="false"/>
Code to authenticate users
' Create the cookie that contains the forms authentication ticket
Dim authCookie As HttpCookie = FormsAuthentication.GetAuthCookie(sUserName, False)
'HttpOnly cookie means it is not accessible by the client through ECMAScript.
authCookie.HttpOnly = True
authCookie.Expires = Now.AddMinutes(300)
' Get the FormsAuthenticationTicket out of the encrypted cookie
Dim ticket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(authCookie.Value)
' Create a new FormsAuthenticationTicket that includes our custom User Data
Dim newTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration, ticket.IsPersistent, userDataString)
' Update the authCookie's Value to use the encrypted version of newTicket
authCookie.Value = FormsAuthentication.Encrypt(newTicket)
' Manually add the authCookie to the Cookies collection
Response.Cookies.Add(authCookie)
' Determine redirect URL and send user there
I think there is an issue with the cookies but I am unable to figure the root cause for this issue.
UPDATE: I found how to duplicate this issue
Login as a user and close the browser without logging out. Try to open the home page and it throws error.
Issue has been resolved.
The conflict was with the AuthCookie in the login page and the following line was causing the problem.
Replaced with the following lines they work fine.