Our ASP.NET 4.0 application form authentication is set to cookieless = "AutoDetect". I noticed that if the user bookmarks the login page, the bookmark link will be https://hostname.com/Login.aspx?AspxAutoDetectCookieSupport=1 . If the user navigates to this directly from a new browser session and performs a valid login, the cookie is not set. If I go directly to this page, bu will remove AspxAutoDetectCookieSupport from the query string, the cookie will be created correctly.
If the user goes directly to Default.aspx or the root directory, the login works correctly even if AspxAutoDetectCookieSupport = 1 is bound to the query string.
When the user clicks the login button, we do a postback to the login page and manually check the user credentials against our database. If successful, we do:
FormsAuthentication.RedirectFromLoginPage(userName, false);
I spent many hours debugging, including looking at the ASP.NET forms authentication code in the original source, and was unable to determine what caused this. The only solution we have at the moment is to get users to remove the login page from the bookmark URL and add a bookmark button on our user login page.
Is there any other solution to fix this forms authentication problem? Is this authentication on the form?
source share