Hi

I have a web app using forms authentication. When I perform the following steps:

  1. Let the login cookie expire
  2. Click on a link that requires a logged in user
  3. The user is redirected to the login page
  4. Click the browser back button
  5. The user is redirected to the login page again
  6. Log in using a valid username/password

I get this exception: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

This case appears only in Safari (Windows and Mac). The fundamental difference between Safari and other browsers is that when we click the back button in step 4, Safari shows the login page again, while the other browsers show the previous page the user was working on.

Please help in this regard.

A: 

While I have seen errors in my log that make me believe I'm facing the same issue as you, I have not yet been able to reproduce the error in a sample application. My guess is that the viewstate information from the timed-out page is being submitted to the login page, which is invalid. To correct this, it may be possible to put something early in the login page life cycle (maybe Page_Init) that would recognize when a redirect to the login page is happening (perhaps through the referer) and circumvent the viewstate validation.

Bernard Chen
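
One way to handle the rejected postback on the login page while leaving view-state MAC validation switched on, as an added example that is not part of the original answer. The code-behind class name `Login` is an assumption; the framework types and members used are standard ASP.NET Web Forms.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical code-behind for the forms-authentication login page.
public partial class Login : Page
{
    // Called when an unhandled exception escapes this page's life cycle,
    // including the view-state load that performs the MAC check.
    protected override void OnError(EventArgs e)
    {
        ViewStateException stale = FindViewStateException(Server.GetLastError());
        if (stale == null)
        {
            base.OnError(e);   // every other error keeps the normal handling
            return;
        }

        // Record the rejection; the posted view state is never trusted or reused.
        Trace.Warn("Login", "Rejected view state from " + stale.RemoteAddress);

        Server.ClearError();

        // Reload the login page with a GET so it renders fresh view state.
        // The target is the configured login URL only, so no value from the
        // rejected request (such as ReturnUrl) ends up in the redirect.
        Response.Redirect(FormsAuthentication.LoginUrl, false);
        Context.ApplicationInstance.CompleteRequest();
    }

    // The MAC failure surfaces as an HttpException whose inner exception
    // is a ViewStateException, so walk the chain instead of matching text.
    private static ViewStateException FindViewStateException(Exception ex)
    {
        for (; ex != null; ex = ex.InnerException)
        {
            ViewStateException vse = ex as ViewStateException;
            if (vse != null)
            {
                return vse;
            }
        }
        return null;
    }
}
```

The user sees the login form again instead of the error page and signs in with a fresh postback; because ReturnUrl is dropped, they land on the default page after login.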