What is the difference between FormsAuthentication createPersistentCookie true or false?

1

In an ASP.NET Web Forms application that uses FormsAuthentication in Login I would like to know:

  • What's the difference in using FormsAuthentication.RedirectFromLoginPage with createPersistentCookie true and false?
  • What changes in application behavior?
  • Do you have advantages or disadvantages between one and the other?
  • asked by anonymous 05.04.2016 / 19:36

    1 answer

    1

    When createPersistentCookie is false (default), the Attention cookie is a session cookie and will be lost when the browser is closed. In the case where it is true , the cookie will be kept between multiple browser accesses until its expiration date (CookieTimeOut) is either removed.

    I believe that the advantage of one way or another depends on the behavior to be passed on in your application to the user. In case of persistent cookie (true) the application will "remember" the access even if the user closes the browser, when accessing again is already logged in. This is very interesting because if your application does not have the criticality of a banking application, for example, it allows the other day that the user access the site it is already authenticated and does not have to enter the credentials again, this is very nice and I confess I love sites that do this ^^.

    The disadvantages are related to the use of cookies in general, the browser must be enabled to use them, size limit of each cookie, number of cookies in the browser, and there are some security issues, see here

        
    02.05.2016 / 15:17