i am creating an asp.net application, it's already working by now, but the problem is when i use "Live HTTP Headers" i found that my site have 2 ASPXAUTH cookie, and the one being used is the bottom one.

here i give a screen shoot what i found:

enter image description here

btw here is some of my code in login page :

  string email = tbEmail.Text;
                string pass = tbPass.Text;
                bool remember = cbRemember.Checked;

                var res = (from user in ctx.users
                          where user.password == ctx.ConvertPassword(pass) 
                                                 && user.email == email
                          select user).FirstOrDefault();  // Remark : 0 = active, 1 = Inactive, 2 = Suspend, 3 = Unconfirmed

                if (res != null && res.email.ToLower() == email.ToLower())
                {
                    if (res.userstatus == 0 || res.userstatus == 3)
                    {
                        FormsAuthentication.SetAuthCookie(email, remember);
                        FormsAuthentication.RedirectFromLoginPage(email, remember);
                        var arr =  Request.Cookies.AllKeys;
                    }
                    else if (res.userstatus == (int)UserStatus.Inactive)
                    {
                        lblMessage.Text = "You have deleted your account, if you wish to restore it, please click ";
                        btRecover.Visible = true;
                    }
                    else if (res.userstatus == (int)UserStatus.Suspended)
                    {
                        lblMessage.Text = "Your account has been suspended, for more information, please contact our support";
                    }
                    else
                    {
                        lblMessage.Text = "Invalid username or password";
                    }
                }
                else
                {
                    lblMessage.Text = "Invalid username or password";
                }

what i do wrong?

有帮助吗?

解决方案

The

FormsAuthentication.SetAuthCookie(email, remember);

sets the cookie. But also does

FormsAuthentication.RedirectFromLoginPage(email, remember);

which is a higher level facade - not only sets the cookie but also redirects from the login page to the redirecturi pointing page.

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top