Admins having to reload page to see admin features (question about cookie location)

Question

I am creating a custom cookie and have overloaded the Iprincipal class and all that good stuff. My cookie works correctly and I am able to retrieve the roles of the users successfully, but the admins have to reload the default page after just logging in to see the admin only button. Once they visit a new page on my site and return to the default page, the button is there.

I read somewhere that the cookie is created last and has something to do with a response to the HTTP. TBH, I am new to this stuff and don't understand exactly how that works, but I see how it effects my program.

I am currently creating and planting my cookie in the page load of my default page. Should I be doing it somewhere else, perhaps in the log-in page? I tried that, but the same issue still exists. Am I missing something?

Thanks for the help and I would be more than happy to clarify anything.

Answer 1

you might try setting the cookie and redirecting. this is somewhat standard practice during login. the redirect will cause a fresh page load during which your cookie will be sent to the server.

Answer 2

When I started ASP.NET, I often ran into a similar issue. The problem was that I didn't bind the data properly AFTER the button click occurred:

Bad Code:

void Page_Load(object o, EventArgs e)
{
    _adminControls.Visibile = IsAdmin();
}

void Login_Clicked(object o, EventArgs e)
{
    DoLogin();
}

The way to fix it is:

void Page_Load(object o, EventArgs e)
{
    // Move binding code, etc to a BindData function and only call it if !IsPostBack
    if (!IsPostBack)
    {
        BindData();
    }
}

void BindData()
{
    _adminControls.Visibile = IsAdmin();
}

void Login_Clicked(object o, EventArgs e)
{
    DoLogin();
    BindData(); // Call BindData function after login
}

This may not be what you are seeing, but the symptoms are similar.