It looks like JavaScript does not have access to authentication cookies ('ASP.NET_SessionId', '.ASPXFORMSAUTH')
in the http headers I can see cookies but document.cookie object does not have them.
views:
50answers:
2
+2
A:
You could create a WebMethod which uses the following code to return a true/false value:
[WebMethod]
public bool IsAuthenticated()
{
return HttpRequest.IsAuthenticated;
}
Call this from javascript using jQuery or MSAJAX.
James Westgate
2010-03-30 21:17:07
From a technical standpoint, this does not actually tell if the "loaded page" is authenticated. It tells if the AJAX request is authenticated.
Josh Stodola
2010-03-30 21:25:48
The reason why I want to check in javascript it is because I do not want to go to the server (performance issue, I have 3 000 000 requests daily)
Cherven
2010-03-30 23:11:05
+1
A:
ASP.NET session cookies are HTTP-only by default (and rightfully so). If you need to find out if the user is authenticated in Javascript, putting a HiddenField on the page and setting its value to 0 or 1 based on your authentication token is a much better solution.
Josh Stodola
2010-03-30 21:20:26
the page is from cache - same for everybody but cookies are unique.I need to check cookies before i will make ajax request to the server to load user-specific content. and I do not want to go to the server if user does not have auth cookies.
Cherven
2010-03-30 23:14:51
Well, if you switch to cookieless session you can solve this problem :)
Josh Stodola
2010-03-31 05:49:06