[原创]使用getauthcookie改进认证cookie

文章作者：swords [E.S.T]
信息来源：邪恶八进制信息安全团队

web.config

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
<authentication mode="Forms">
<forms name="AuthCookie" loginUrl="login.aspx">
<credentials passwordFormat="Clear">
<user name="swords" password="est"/>
</credentials>
</forms>
</authentication>
<customErrors mode="Off" />
<globalization requestEncoding="gb2312" responseEncoding="gb2312" />
  </system.web>
</configuration>


login.aspx

<%@page language="vb"%>
<script runat="server">
sub login(obj as object,e as eventargs)
if FormsAuthentication.authenticate(tbusername.text,tbpassword.text) then
dim cookie as httpcookie
cookie=Formsauthentication.getauthcookie("swords",false)
cookie.expires=datetime.now.addminutes(2)
response.cookies.add(cookie)
&#39;FormsAuthentication.setAuthCookie(tbusername.text,false)
lblmessage.text="success!"
else
lblmessage.text="invalid!"
end if
end sub
</script>
<html><body>
<form runat="server">
<asp:label id="lblmessage" runat="server"/>
<asp:textbox id="tbusername" runat="server" />
<asp:textbox id="tbpassword" textmode="password" runat="server" />
<asp:button id="submit" runat="server" onclick="login" text="submit"/>
</form>
</body></html>


ps:
FormsAuthentication.signout注销用户的cookie
setAuthCookie(tbusername.text,false)
false关闭浏览器自动失效,true关闭浏览器依然有效.