How to handle "Remember me" in the Asp.Net Membership Provider

Posted by RemotecUk on Stack Overflow See other posts from Stack Overflow or by RemotecUk
Published on 2010-06-25T14:17:52Z Indexed on 2012/10/25 17:01 UTC
Read the original article Hit count: 352

Ive written a custom membership provider for my ASP.Net website.

Im using the default Forms.Authentication redirect where you simply pass true to the method to tell it to "Remember me" for the current user.

I presume that this function simply writes a cookie to the local machine containing some login credential of the user.

What does ASP.Net put in this cookie? Is it possible if the format of my usernames was known (e.g. sequential numbering) someone could easily copy this cookie and by putting it on their own machine be able to access the site as another user?

Additionally I need to be able to inercept the authentication of the user who has the cookie. Since the last time they logged in their account may have been cancelled, they may need to change their password etc so I need the option to intercept the authentication and if everything is still ok allow them to continue or to redirect them to the proper login page.

I would be greatful for guidance on both of these two points. I gather for the second I can possibly put something in global.asax to intercept the authentication?

Thanks in advance.

© Stack Overflow or respective owner

Related posts about ASP.NET

Related posts about cookies