I have the code below on a login page. I'm using this to set the login timeout by customer. In IE8 I'm running into the problem that if a user opens another browser window, then logs out in the first window, when they relog back in they get bounced back to the login after a single page (every time). If they don't open another browser, everything is fine.
I've found ALOT of questions about this, but the only solution I've found that works is to use the cookieless method (URI).
I've seen a few articles saying to set the domain, which I'm doing, but that doesn't work. Also, I've tried setting the authticket to both persistent and non-persistent. Neither has made a difference. I have seen that once the auth cookie is gone from the folder, it doesnt get recreated when I log in.
If I open that second browser window as a "New Session" I don't have any problems. (This isn't practical as we cant train every user of the app to open any additional windows this way.)
Is there a fix for this that anyone has found that doesn't involves using the cookieless URI approach?
int timeoutValue = 20 // This value is actually returned from a method;
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(LoginControl.UserName, false, timeoutValue);
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
authCookie.Domain = "my.domain";
authCookie.Expires = DateTime.Now.AddMinutes(timeoutValue);
HttpContext.Current.Response.Cookies.Add(authCookie);