[Mono-bugs] [Bug 600740] New: Setting domain on <forms> tag doesn't change auth cookie

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Thu Apr 29 01:11:58 EDT 2010


http://bugzilla.novell.com/show_bug.cgi?id=600740

http://bugzilla.novell.com/show_bug.cgi?id=600740#c0


           Summary: Setting domain on <forms> tag doesn't change auth
                    cookie
    Classification: Mono
           Product: Mono: Class Libraries
           Version: 2.4.x AddOn CD
          Platform: x86-64
        OS/Version: SLES 11
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Sys.Web
        AssignedTo: mhabersack at novell.com
        ReportedBy: stuart at cbtnuggets.com
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---
           Blocker: ---


User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-us)
AppleWebKit/531.22.7 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7

I am using FormsAuthentication and when I set the domain attribute in the
configuration it does not change the domain on the authentication cookie.

Reproducible: Always

Steps to Reproduce:
1. Set up the forms authentication in the web.config:

<authentication mode="Forms">
  <forms loginUrl="member_login.aspx"
    cookieless="UseCookies"
    domain="contoso.com" />
</authentication>

2.  Create a login page which uses the
FormsAuthentication.RedirectFromLoginPage method.

3. Log in.

Actual Results:
After logging in the .MONOAUTH cookie returned has no domain so it defaults to
the hostname of the server.  Using the example above the cookie would return
with "www.contoso.com".

Expected Results:  
The .MONOAUTH cookie should be returned for the domain defined in the
authentication/forms section.  In the example case it would be "contoso.com".

Here is what I believe the fix is for
System.Web.Security/FormsAuthentication.cs:

434a435,438
> #if NET_2_0
> 			if (cookie_domain != null && cookie_domain.Length > 0)
> 				cookie.Domain = cookie_domain;
> #endif
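
Review bot: the 434a435,438 hunk is a context-free normal diff, so the method that receives the cookie.Domain assignment and the position of the assignment relative to the other cookie properties cannot be checked from the patch; please resend it as a unified diff (diff -u) against a named revision of FormsAuthentication.cs. The guard "cookie_domain != null && cookie_domain.Length > 0" can also be written as !String.IsNullOrEmpty (cookie_domain), which is available wherever NET_2_0 is defined.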
647a652,655
> #if NET_2_0
> 			if (cookie_domain != null && cookie_domain.Length > 0)
> 				expiration_cookie.Domain = cookie_domain;
> #endif
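
Review bot: the guard and #if block in the 647a652,655 hunk repeat the ones at 435-438 verbatim, so the two sites can drift apart; consider a small helper that applies cookie_domain to an HttpCookie and call it for both cookie and expiration_cookie. A browser only replaces a cookie when name, domain and path all match, so this hunk should come with a test asserting that the expiration cookie carries the same Domain as the cookie set at login.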

I generated these diffs on the 2.6.3 version of the FormsAuthentication class
but I would like this to be applied to the 2.4 add-on for SLES as well.

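
A regression check for the behaviour reported above, as an added example that is not part of the original report or of Mono's code: it reads the forms domain from web.config and compares it with the Domain attribute on the .MONOAUTH Set-Cookie header. The wrapper elements around the web.config fragment, the Set-Cookie strings and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed input: the <authentication> block from the report, wrapped so it parses.
WEB_CONFIG = """<configuration><system.web>
<authentication mode="Forms">
  <forms loginUrl="member_login.aspx" cookieless="UseCookies" domain="contoso.com" />
</authentication>
</system.web></configuration>"""

# Constructed Set-Cookie headers; TICKET stands in for the encrypted ticket.
HOST_ONLY = ".MONOAUTH=TICKET; path=/"
SCOPED = ".MONOAUTH=TICKET; Domain=.Contoso.com; path=/"


def configured_domain(web_config_xml):
    """Return the domain attribute of <authentication>/<forms>, or None if unset."""
    forms = ET.fromstring(web_config_xml).find(".//authentication/forms")
    return (forms.get("domain") or None) if forms is not None else None


def cookie_domain(set_cookie, name=".MONOAUTH"):
    """Return the cookie's Domain attribute, '' if host-only, None if another cookie."""
    pair, *attrs = [p.strip() for p in set_cookie.split(";")]
    if pair.partition("=")[0] != name:
        return None
    for attr in attrs:
        key, _, value = attr.partition("=")
        if key.strip().lower() == "domain":
            return value.strip()
    return ""


def mismatches(web_config_xml, set_cookie_headers):
    """List auth-cookie headers whose Domain differs from the configured one."""
    want = configured_domain(web_config_xml)
    if want is None:
        return []  # no domain configured: a host-only cookie is expected
    norm = lambda d: d.lstrip(".").lower()  # leading dot and case are not significant
    return [h for h in set_cookie_headers
            if (got := cookie_domain(h)) is not None and norm(got) != norm(want)]


if __name__ == "__main__":
    for header in mismatches(WEB_CONFIG, [HOST_ONLY, SCOPED]):
        print("Domain does not match <forms domain>:", header)
```

Run against the login response and the sign-out response alike, since both cookies must carry the configured domain.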