[Mono-bugs] [Bug 76606][Wis] Changed - Forms authentication doesn't persist over server reboots

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Wed Nov 2 18:13:39 EST 2005

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by gonzalo at ximian.com.


--- shadow/76606	2005-10-31 17:15:24.000000000 -0500
+++ shadow/76606.tmp.23831	2005-11-02 18:13:39.000000000 -0500
@@ -2,13 +2,13 @@
 Product: Mono: Class Libraries
 Version: 1.1
 OS: other
 OS Details: Gentoo 64bit
 Status: NEW   
+Severity: Unknown
 Priority: Wishlist
 Component: Sys.Web
 AssignedTo: gonzalo at ximian.com                            
 ReportedBy: carlos at applianz.com               
 QAContact: mono-bugs at ximian.com
 TargetMilestone: ---
@@ -21,6 +21,18 @@
 server again. Then I go to the webpage and my user is still authenticated.
 I try to do the same thing with XSP on Linux and when I start the server
 for the second time the webpage asks me to reauthenticate.
 This does not really cause us any problems, I just noticed that it behaved
 a bit different than ms.net, almost as if the server instance is embedded
 into the cookie somehow.
+------- Additional Comments From gonzalo at ximian.com  2005-11-02 18:13 -------
+This is a known problem. When you don't use your own key for
+validation/encryption of form data, new keys are created every time
+xsp/mod-mono-server is started.
+MS seems to keep the autogenerated keys around and reuse them.
+I'll save the autogenerated keys and reuse them.
+In the meantime, use validationKey/encryptionKey with your own
+predefined keys (it's the <form> element in web.config).

More information about the mono-bugs mailing list