What is the difference between Formsauthentication createPersistentCookie true or false?

Asked

Viewed 114 times

1

In an ASP.NET Web Forms application that uses Formsauthentication on Login would like to know:

  1. What’s the difference in using Formsauthentication.Redirectfromloginpage with createPersistentCookie true and false?
  2. What changes in application behavior?
  3. Has advantages or disadvantages between one and the other?

1 answer

1

when createPersistentCookie is false(default), the warning cookie is a session cookie and will be lost when the browser is closed. In the case where it is true, the cookie will be kept between multiple accesses to the browser until its expiration date (Cookietimeout) or is removed.

I believe that the advantage in one way or another depends on the behavior that be passed in your application to the user. In case of use of persistent cookie(true) the application will "remember" the access even if the user closes the browser, when access again will already be logged in. This is very interesting because if your application does not have the criticality of a banking application, for example, allows the other day that the user access the site it is already authenticated and does not need to enter the credentials again, This is really cool and I confess that I love sites that do this ^^.

The disadvantages are related to the use of cookies in general, the browser needs to be enabled to use them, limit the size of each cookie, amount of cookies in the browser, and there are some security issues, see here

Browser other questions tagged

You are not signed in. Login or sign up in order to post.