FormsAuthentication: UserData lost (but in Cookie)

Question

• Asp.Net MVC 3
• FormsAuthentication (custom)
• iPad MobileSafari
• iframe (same domain)

After struggling with formsTicket.UserData not working with MobileSafari (ONLY MoblieSafari), I found out, that httpContext.User.Identity.Ticket.UserData is empty (in MobileSafari, not the others) and the original FormsAuthentication HttpCookie contains the right values?!?

How can that be?!

Code:

public void UpdateContext()
{
    if (httpContext.User.Identity is FormsIdentity)
    {
        // Get Forms Identity From Current User
        FormsIdentity id = (FormsIdentity)httpContext.User.Identity;
        // Create a custom Principal Instance and assign to Current User (with caching)
        HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(FormsAuthentication.FormsCookieName);
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);

        var cookieUserData = ticket.UserData; // not empty
        var httpContextIdentiyUserData = id.Ticket.UserData; // empty!
        ...
    }
}

Any clue would be helpful!

Lg
Warappa

PS: If it matters, I use a page of my website in an iframe - same domain.

Answer 1

So the issue was the following:
This error arose when I logged out and accessed a page that did a history.back().

Looking at the traffic with Fiddler I saw, that Asp.Net used the cookieless authentication mode, so the authentication was encoded into the url. Now, when the history.back() occurred, the url pointed to the Logout url with the now invalid authentication information... nasty bug at my side.

Forcing Asp.Net to use cookies did the trick!

Lg
warappa