i have tried changing protection="None" and thats work perfectly..... so the issue might be of FormsAuthentication Ticket Cookie encryption and decryption. My hosting provider is saying that its session timeout issue and suggest me to change session mode
to StateServer but thats giving exception and they are not providing proper StateConnectionString also. I want to ask how forms authentication ticket timeout is related to session timeout??????
Session timeouts and forms authentication time out works differently.session time out is reset upon every request while in forms authetication this value gets update when approximately half of the time remains. IIS resets do not reset forms authentication
tickets, yet they reset sessions.To deal with this issue In global.asax.cs write a code in Application_PreRequestHandlerExecute event that gets called at the beginning of every request. This method will check to make sure that we have a session if the ticket
is valid, otherwise it logs the user out.
Manual Machine Key solved my issue .....I am surprised that my hosting support team didn't suggest me that i have send so many mails to them
but they always say the issue is with product development team
one more thing to ask Currently i am not using session variables but in future if i use SessionState mode as StateServer then Worker process recycling will create problem for me or not?
one more thing to ask Currently i am not using session variables but in future if i use SessionState mode as StateServer then Worker process recycling will create problem for me or not?
"StateServer mode, which stores session state in a separate process called the ASP.NET state service.
This ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm."
Thanks for the links hans_v .... i don't want to build own SessionState provider instead i am happy to use StateServver mode
but in the attribute stateConnectionString="tcpip=SampleStateServer:42424" which address to store.
My hosting support people says its the ip address of my domain but thats gives exception like:
Unable to make the session state request to the session state server. Please ensure that the ASP.NET State service is started and that the client and server ports are the same. If the server is on a remote machine, please ensure that it accepts remote
requests by checking the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state\Parameters\AllowRemoteConnection. If the server is on the local machine, and if the before mentioned registry value does not exist or is set to 0, then the
state server connection string must use either 'localhost' or '127.0.0.1' as the server name.
protected void Application_PreRequestHandlerExecute(object sender, EventArgs e) { //Only access session state if it is available if (Context.Handler is IRequiresSessionState || Context.Handler is IReadOnlySessionState) { //If we are authenticated AND we dont have a session here.. redirect to login page. HttpCookie authenticationCookie = Request.Cookies[FormsAuthentication.FormsCookieName]; if (authenticationCookie != null) { FormsAuthenticationTicket authenticationTicket = FormsAuthentication.Decrypt(authenticationCookie.Value); if (!authenticationTicket.Expired) { //Replace ANYKNOWNVALUEHERETOCHECK with "UserId" or something you set on the login that you can check here to see if its empty. if (Session[ANYKNOWNVALUEHERETOCHECK] == null) { //This means for some reason the session expired before the authentication ticket. Force a login. FormsAuthentication.SignOut(); Response.Redirect(FormsAuthentication.LoginUrl, true); return; } } } } }
rajesh sahar...
Member
225 Points
553 Posts
FormsAthentication ticket expiring within 1 minute on hosting server
Feb 28, 2012 04:33 AM|LINK
I am generating a FormsAuthentication Ticket on User Login based on Roles...but user automatically logs out within 1 minute
even though i have set timeout to 24 hours...but cookie still exists in the browser...... its working perfectly in localhost
My ticket code is:
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, UserName, DateTime.Now, DateTime.Now.AddMinutes(1440), false, Roles, FormsAuthentication.FormsCookiePath);
string hashcookies = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashcookies); cookie.Expires = ticket.Expiration; Response.Cookies.Add(cookie);
My web.config settings are:
i have tried changing protection="None" and thats work perfectly..... so the issue might be of FormsAuthentication Ticket Cookie encryption and decryption. My hosting provider is saying that its session timeout issue and suggest me to change session mode to StateServer but thats giving exception and they are not providing proper StateConnectionString also. I want to ask how forms authentication ticket timeout is related to session timeout??????
FormsAuthentication ticket
rajeshw610
Member
20 Points
14 Posts
Re: FormsAthentication ticket expiring within 1 minute on hosting server
Feb 28, 2012 05:21 AM|LINK
Session timeouts and forms authentication time out works differently.session time out is reset upon every request while in forms authetication this value gets update when approximately half of the time remains. IIS resets do not reset forms authentication tickets, yet they reset sessions.To deal with this issue In global.asax.cs write a code in Application_PreRequestHandlerExecute event that gets called at the beginning of every request. This method will check to make sure that we have a session if the ticket is valid, otherwise it logs the user out.
Rajesh
FormsAuthentication ticket
rajesh sahar...
Member
225 Points
553 Posts
Re: FormsAthentication ticket expiring within 1 minute on hosting server
Feb 28, 2012 05:27 AM|LINK
Thanks Rajesh
But can you provide me the sample code for Application_PreRequestHandlerExecute event......
FormsAuthentication ticket
hans_v
All-Star
35986 Points
6550 Posts
Re: FormsAthentication ticket expiring within 1 minute on hosting server
Feb 28, 2012 09:16 PM|LINK
http://forums.asp.net/t/1768754.aspx/1?Authentication+constantly+forcing+me+to+logon
FormsAuthentication ticket
rajesh sahar...
Member
225 Points
553 Posts
Re: FormsAthentication ticket expiring within 1 minute on hosting server
Feb 29, 2012 06:23 AM|LINK
Thanks hans_v
Manual Machine Key solved my issue .....I am surprised that my hosting support team didn't suggest me that i have send so many mails to them
but they always say the issue is with product development team
one more thing to ask Currently i am not using session variables but in future if i use SessionState mode as StateServer then Worker process recycling will create problem for me or not?
Thanks
FormsAuthentication ticket
hans_v
All-Star
35986 Points
6550 Posts
Re: FormsAthentication ticket expiring within 1 minute on hosting server
Feb 29, 2012 08:12 AM|LINK
"StateServer mode, which stores session state in a separate process called the ASP.NET state service. This ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm."
http://msdn.microsoft.com/en-us/library/ms178586.aspx
Another option is to build your own SessionState provider
http://msdn.microsoft.com/en-us/library/ms178587.aspx
rajesh sahar...
Member
225 Points
553 Posts
Re: FormsAthentication ticket expiring within 1 minute on hosting server
Feb 29, 2012 08:33 AM|LINK
Thanks for the links hans_v .... i don't want to build own SessionState provider instead i am happy to use StateServver mode
but in the attribute stateConnectionString="tcpip=SampleStateServer:42424" which address to store.
My hosting support people says its the ip address of my domain but thats gives exception like:
Unable to make the session state request to the session state server. Please ensure that the ASP.NET State service is started and that the client and server ports are the same. If the server is on a remote machine, please ensure that it accepts remote requests by checking the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state\Parameters\AllowRemoteConnection. If the server is on the local machine, and if the before mentioned registry value does not exist or is set to 0, then the state server connection string must use either 'localhost' or '127.0.0.1' as the server name.
rajeshw610
Member
20 Points
14 Posts
Re: FormsAthentication ticket expiring within 1 minute on hosting server
Feb 29, 2012 09:03 AM|LINK
rajesh sahar...
Member
225 Points
553 Posts
Re: FormsAthentication ticket expiring within 1 minute on hosting server
Feb 29, 2012 09:10 AM|LINK
Dear rajeshw610
For what purpose i can use this code .......can you ellaborate please
hans_v
All-Star
35986 Points
6550 Posts
Re: FormsAthentication ticket expiring within 1 minute on hosting server
Feb 29, 2012 09:33 AM|LINK
But does your host support StateServer?