Click here to Skip to main content
15,311,151 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I am new to ASP.NET and I just created an ASP.NET application that requires user login. I am using Form based authentication that is cookieless. This stores the cookie in the URL rather than storing it on the client machine. But in any way it requires that cookies be accepted by browsers. And it doesn't work if browser doesn't accept cookies. I was wondering if there is a way I could get away with cookies all together and still be able to use Form Authentication. And also I don't want to use/store user information in query string either.

Hi !!! here you can find your answer.[^]
When you use forms authetication, an authentication token is required to identify the returning user so that his session information can be provided to him.

If we use cookies then this information will be put in form of cookie in the users browser. If we use cookieless then this information will be stored in the Users URL. I am not aware of any third behavior.

When we use cookieless i.e. when this information is stored in the URL the cookies are not required to be enabled on client side. So even the users with disabled cookies will be able to access session information.

Please refer to these 2 articles for more details on forms authentication and sessions.

Understanding Session Management Techniques in ASP.NET[^]
Understanding and Implementing ASP.NET Custom Forms Authentication[^]

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900