Our ASP.NET 4.0 application's forms authentication is set to cookieless="AutoDetect." I've noticed that if a user bookmarks our login page, the bookmark link is set to https://hostname.com/Login.aspx?AspxAutoDetectCookieSupport=1. If a user navigates to this directly from a new browser session and performs a valid login, the cookie is not set. If I navigate directly to that page, bu remove AspxAutoDetectCookieSupport from the query string, the cookie is created correctly.
If a user navigates directly to Default.aspx or the root directory, login functions correctly, even with AspxAutoDetectCookieSupport=1 tacked on to the query string.
When the user clicks the login button, we do a postback to the login page and manually check the users credentials against our database. If successful, we do:
FormsAuthentication.RedirectFromLoginPage(userName, false);
I've spent many hours debugging this, including looking at the ASP.NET forms authentication code in the reference source, and haven't been able to determine what is causing this. The only solution we have at the moment is telling users to remove the Login page from their bookmark URL and adding a bookmark button on our Login page for users to click.
Is there another solution to fix this forms authentication issue? Is it a but in forms authentication?
