Forms Authentication - loginUrl page executed for each request (Chrome only)
With the help of Fiddler, I was able to figure this out.
It seems both Chrome and Firefox make an additional request for your favicon.ico
, whether or not you've specified that you're using one in your HTLM page. Internet Explorer, on the other hand, doesn't bother.
This was a problem for me for a few reasons:
- I didn't have one. I'd only just started my site and creating a
favicon.ico
was step 274. - I'm using
runAllManagedModulesForAllRequests
, so requests for icons, like all content, runs through Forms Authentication. - If you don't
<link>
to one and specify its location, Chrome and Firefox try to grab one from your web root. Forms Authentication (and my web.config) have my root locked down. The only file being served from my root is myloginUrl
page.
Each time a request for favicon.ico
was being made, Forms Authentication was disallowing it and redirecting the request to my loginUrl
page, consequently causing my loginUrl
page to be executed twice and screwing up my session values. The following Fiddler screenshots show the proof.
Chrome seems to request the icon on every page request:
Whereas Firefox seems to request it twice initially, for some reason, but then gives up for subsequent requests:
So, the solution:
- Create a
favicon.ico
file and place it in your web root. Allow anonymous access to it via a
<location>
element in your rootweb.config
.<location path="favicon.ico"> <system.web> <authorization> <allow users="?" /> </authorization> </system.web></location>
Alternatively (probably the preferred method, since you can designate the name and location):
- Create a
favicon.ico
file and place it in a public subfolder, like/img
. <link>
to it properly within yourloginUrl
page.<link rel="icon" href="/img/favicon.ico">
Try <forms loginUrl="test.asp" timeout="2880" cookieless="UseCookies" />