I'm using the ASP.NET 2.0 Login control.  Works great except in the case of the "remember me" option.  How does one control the cookie persistence duration?  "Remember me" seems to work so long as you don't turn off the PC.  The cookie does not seem to persist after re-boot.  Anyone had the same experience?

Which PC?  Just the client, or the one that you're running the web application on as well?

This is a deployed application running on a shared hosting server.  I've only tried it on two PCs, both are running XP professional.  Cookies are enabled and I don't have this problem with other "remember me" sites.  There is something inherent to the ASP.NET 2.0 login control that must be the cause.  What else could it be?

Hmm...I doubt it.   I bet that you're having an issue with the app recycling, and generating a new machine key, so it just can't read the existing persistent cookie.  If you generate a static machine key and set it in your web.config file, I'd wager that the problem will disappear.

And.... you would win that wager!  I generated a machine key, placed it in web.config, and viola -- problem solved.  Thank you!

even with the machine key, my site appears to lose track of this alleged cookie.  this morning, I went back to my web site and I am not logged in.  exactly what is this the point of the "remember me next time" checkbox?  want to make a new wager?

Well, the most likely possibility is that the cookie is disappearing from your machine. 

Can you check your browser cache when you first login to the site to check that it's creating a persistant cookie, and check the expiration date on the cookie?   IIRC, persistant forms authentication cookies were set to expire fifty years after the creation date in ASP.Net 1.x by default, and I don't imagine that would have changed for ASP.Net v2, but it's worth checking the cookie on your machine to see what's happening. 

Hmm, I had a similar issue, this seems to have been stealth-changed by the asp.net team, since I haven't seen anything regarding it. A half-dozen 2.0 apps that stubbornly refuse to persist their users later and I think I found it. :)

  It used to be that when you persisted the cookie (in 1.1), the cookie would have an expiration date of 50 years, ignoring whatever was put in the timeout value in the web.config (or so I believe is how it worked or didn't work as it were). 

Now it only uses the timeout value, and the timeout value defaults to 30 minutes.  This is what makes it difficult to test, since you're likely to close all your browser windows and/or reboot since we know that it breaks any connection to what we (people more used to 1.1) assume is a session problem, and if reopening the browser still logs us in, we assume the issue is fixed.  Of course 30 minutes go by and then we're logged out again.

Regardless, the fix seems simple, just change the timeout value in your web.config.  I set mine to 20160 for a 14 day sliding expiration after they last used the site.  

<authentication mode="Forms" >

<forms

name=".ASPXAUTH"

loginUrl="login.aspx"

defaultUrl="default.aspx"

protection="All"

timeout="20160"

path="/"

requireSSL="false"

slidingExpiration="true"

cookieless="UseDeviceProfile" domain=""

enableCrossAppRedirects="false">

<credentials passwordFormat="SHA1" />

</forms>

</authentication>

 

I really think this should be part of the web admin, unless there is some hidden file somewhere that points this out, I would guess a lot of people have non-functioning persisting cookies.

Happy Holidays!

Thanks, Richard.  Your suggestion was the verified solution.  After adding this to web.config, my cookie has persisted after 8 hours.  I have no reason to belive that this post can be marked as resolved... for good this time.