hi, i have a site with authentication form and some frames.

the problem is that when i use cookieless authentication i don't know how set the frame's src path,  all the property off request don't give me the url with

the authentication string (es  www.site.com/F(f9gf9g8df9gidf9gidf9gid9gi)/index.aspx  ) so i can't set the frame to a path that include

the string  F(f9gf9g8df9gidf9gidf9gid9gi) and the user for the frame isn't authenticated.

The only way that i have found is get it by the server variable HTTP_ASPFILTERSESSIONID but i don't like very much this solution,

somebody knows a clean solution for my problem?

thanks 

Hi korkless

Some disadvantages and limitations if you use Session mangling to track session keys without using client-side cookies.

1)User may send URL contains active session ID  to other person via email/irc/etc.

2)URL that contains active session ID may be stored in publically accessible computer.

3)User may access your site with the same session ID always using URL stored in browser's history or bookmarks.

Each frame in your site need authentication? I thinke you can use a master page and integratethe authentication pages.

May be it's not a good idea, for reference only.

i do the question becouse in some browser cookie don't work and, if forms authenticatino can't use them it uses Uri.

But for the problem that u tell:

1) if a user want share his account he can send directly username and password

2)  i use authentication's timeout but i think that anyway also the cookie can be stored on a accessible computer

3) with cookie is the same  

Hi 

It is pleasant to discuss this problem with you.

My suggestion for now is not good, for reference only

Can you log the authentication user's client information such as network adress and

this information will expire if user offline for several minutes

maybe i have found the solution in a blog, if i use the link with ~/resourcePath  asp.net  resolve the link correctly or i hope that it's so :)

When i'll found time to try i write if it' works;

Hi

 It's greate if you can fnd a way and would you like to share your experience since many people may face with the same problem of using cookieless authentication?