[Mono-bugs] [Bug 600740] New: Setting domain on <forms> tag doesn't change auth cookie
bugzilla_noreply at novell.com
bugzilla_noreply at novell.com
Thu Apr 29 01:11:58 EDT 2010
http://bugzilla.novell.com/show_bug.cgi?id=600740
http://bugzilla.novell.com/show_bug.cgi?id=600740#c0
Summary: Setting domain on <forms> tag doesn't change auth
cookie
Classification: Mono
Product: Mono: Class Libraries
Version: 2.4.x AddOn CD
Platform: x86-64
OS/Version: SLES 11
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Sys.Web
AssignedTo: mhabersack at novell.com
ReportedBy: stuart at cbtnuggets.com
QAContact: mono-bugs at lists.ximian.com
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-us)
AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7
I am using FormsAuthentication and when I set the domain attribute in the
configuration it does not change the domain on the authentication cookie.
Reproducible: Always
Steps to Reproduce:
1. Setup the forms authentication in the web.config:
<authentication mode="Forms">
<forms loginUrl="member_login.aspx"
cookieless="UseCookies"
domain="contoso.com" />
</authentication>
2. Create a login page which uses the
FormsAuthentication.RedirectFromLoginPage method.
3. Login.
Actual Results:
After logging in the .MONOAUTH cookie returned has no domain so it defaults to
the hostname of the server. Using the example above the cookie would return
with "www.contoso.com".
Expected Results:
The .MONOAUTH cookie should be returned for the domain defined in the
authentication/forms section. In the example case it would be "contoso.com".
Here is what I believe the fix is for
System.Web.Security/FormsAuthentication.cs:
434a435,438
> #if NET_2_0
> if (cookie_domain != null && cookie_domain.Length > 0)
> cookie.Domain = cookie_domain;
> #endif
647a652,655
> #if NET_2_0
> if (cookie_domain != null && cookie_domain.Length > 0)
> expiration_cookie.Domain = cookie_domain;
> #endif
I generated these diffs on the 2.6.3 version of the FormsAuthentication class
but I would like this to be applied to the 2.4 add-on for SLES as well.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the mono-bugs
mailing list