1

This thing has just came to my head and I wanna share it.

Note : I could easily test it but I am being lazy here to see if anybody has ever experienced something like that before.

Let's assume that I have a web site which built-in membership structure of asp.net has been implemented on.

What will happen to asp.net membership if the client browser blocks cookies? Does framework throw an exception when a user tries to log in or do something else?

Olli
  • 1,231
  • 15
  • 31
tugberk
  • 57,477
  • 67
  • 243
  • 335

3 Answers3

1

It's not a problem. Check ASP.NET cookieless sessions.

Atanas Korchev
  • 30,562
  • 8
  • 59
  • 93
1

For cookieless browsers asp.net provides session id to embed in URL;

http://msdn.microsoft.com/en-us/library/aa479314.aspx

Very simple test; just change in web.config

<sessionState cookieless="true" />
Waqas Raja
  • 10,802
  • 4
  • 33
  • 38
1

To answer your question, I don't think any exceptions will be raised, but if the client does not accept cookies (blocking them etc), then I think they will just keep being redirected to the login page because no authenticated cookies would be sent with any request...e.g. every request would appear unauthenticated...if the resource didn't require authentication, things would be normal...

Edit
If you want cookieless forms authentication, this MSDN article explains how...you would basically add:

<forms cookieless="UseUri" />

although, you might be able to try AutoDetect and it will use cookies where possible

<forms cookieless="AutoDetect" />
davidsleeps
  • 9,393
  • 11
  • 59
  • 73
  • your answer is partially true given the circumstances. if we do not implement the feature which @waqas suggests, it happens as you indicated. – tugberk Apr 03 '11 at 13:07
  • @tugberk updated to perhaps more what I was talking about...i'm not sure if I'm missing the point, but it sounded more like you were concerned with authentication instead of session state (server side data storage) – davidsleeps Apr 03 '11 at 13:10
  • yeah, my aim was to find out what will happen to authentication in this case. – tugberk Apr 03 '11 at 13:13