I'm using the ASP.NET 2.0 Login control. Works great except in the case of the "remember me" option. How does one control the cookie persistence duration? "Remember me" seems to work so long as you don't turn off the PC. The cookie does not seem to persist
after re-boot. Anyone had the same experience?
This is a deployed application running on a shared hosting server. I've only tried it on two PCs, both are running XP professional. Cookies are enabled and I don't have this problem with other "remember me" sites. There is something inherent to the ASP.NET
2.0 login control that must be the cause. What else could it be?
Hmm...I doubt it. I bet that you're having an issue with the app recycling, and generating a new machine key, so it just can't read the existing persistent cookie. If you generate a static machine key and set it in your web.config file, I'd wager that the
problem will disappear.
even with the machine key, my site appears to lose track of this alleged cookie. this morning, I went back to my web site and I am not logged in. exactly what is this the point of the "remember me next time" checkbox? want to make a new wager?
Well, the most likely possibility is that the cookie is disappearing from your machine.
Can you check your browser cache when you first login to the site to check that it's creating a persistant cookie, and check the expiration date on the cookie? IIRC, persistant forms authentication cookies were set to expire fifty years after the creation
date in ASP.Net 1.x by default, and I don't imagine that would have changed for ASP.Net v2, but it's worth checking the cookie on your machine to see what's happening.
Hmm, I had a similar issue, this seems to have been stealth-changed by the asp.net team, since I haven't seen anything regarding it. A half-dozen 2.0 apps that stubbornly refuse to persist their users later and I think I found it. :)
It used to be that when you persisted the cookie (in 1.1), the cookie would have an expiration date of 50 years, ignoring whatever was put in the timeout value in the web.config (or so I believe is how it worked or didn't work as it were).
Now it only uses the timeout value, and the timeout value defaults to 30 minutes. This is what makes it difficult to test, since you're likely to close all your browser windows and/or reboot since we know that it breaks any connection to what we (people
more used to 1.1) assume is a session problem, and if reopening the browser still logs us in, we assume the issue is fixed. Of course 30 minutes go by and then we're logged out again.
Regardless, the fix seems simple, just change the timeout value in your web.config. I set mine to 20160 for a 14 day sliding expiration after they last used the site.
I really think this should be part of the web admin, unless there is some hidden file somewhere that points this out, I would guess a lot of people have non-functioning persisting cookies.
Thanks, Richard. Your suggestion was the verified solution. After adding this to web.config, my cookie has persisted after 8 hours. I have no reason to belive that this post can be marked as resolved... for good this time.
USFbobFL
Member
195 Points
39 Posts
Login control [remember me] cookie non-persistent
Dec 19, 2005 10:13 PM|LINK
Xanderno
Contributor
6040 Points
1200 Posts
Re: Login control [remember me] cookie non-persistent
Dec 20, 2005 03:58 AM|LINK
USFbobFL
Member
195 Points
39 Posts
Re: Login control [remember me] cookie non-persistent
Dec 20, 2005 10:40 AM|LINK
Xanderno
Contributor
6040 Points
1200 Posts
Re: Login control [remember me] cookie non-persistent
Dec 20, 2005 02:26 PM|LINK
USFbobFL
Member
195 Points
39 Posts
Re: Login control [remember me] cookie non-persistent
Dec 21, 2005 12:58 AM|LINK
USFbobFL
Member
195 Points
39 Posts
Re: Login control [remember me] cookie non-persistent
Dec 21, 2005 08:34 AM|LINK
even with the machine key, my site appears to lose track of this alleged cookie. this morning, I went back to my web site and I am not logged in. exactly what is this the point of the "remember me next time" checkbox? want to make a new wager?
Xanderno
Contributor
6040 Points
1200 Posts
Re: Login control [remember me] cookie non-persistent
Dec 21, 2005 04:25 PM|LINK
Well, the most likely possibility is that the cookie is disappearing from your machine.
Can you check your browser cache when you first login to the site to check that it's creating a persistant cookie, and check the expiration date on the cookie? IIRC, persistant forms authentication cookies were set to expire fifty years after the creation date in ASP.Net 1.x by default, and I don't imagine that would have changed for ASP.Net v2, but it's worth checking the cookie on your machine to see what's happening.
RichardMathi...
Participant
755 Points
166 Posts
Re: Login control [remember me] cookie non-persistent
Dec 23, 2005 07:38 PM|LINK
Hmm, I had a similar issue, this seems to have been stealth-changed by the asp.net team, since I haven't seen anything regarding it. A half-dozen 2.0 apps that stubbornly refuse to persist their users later and I think I found it. :)
It used to be that when you persisted the cookie (in 1.1), the cookie would have an expiration date of 50 years, ignoring whatever was put in the timeout value in the web.config (or so I believe is how it worked or didn't work as it were).
Now it only uses the timeout value, and the timeout value defaults to 30 minutes. This is what makes it difficult to test, since you're likely to close all your browser windows and/or reboot since we know that it breaks any connection to what we (people more used to 1.1) assume is a session problem, and if reopening the browser still logs us in, we assume the issue is fixed. Of course 30 minutes go by and then we're logged out again.
Regardless, the fix seems simple, just change the timeout value in your web.config. I set mine to 20160 for a 14 day sliding expiration after they last used the site.
<
authentication mode="Forms" ><
forms name=".ASPXAUTH" loginUrl="login.aspx" defaultUrl="default.aspx" protection="All" timeout="20160" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" domain="" enableCrossAppRedirects="false"><
credentials passwordFormat="SHA1" /></
forms></
authentication>I really think this should be part of the web admin, unless there is some hidden file somewhere that points this out, I would guess a lot of people have non-functioning persisting cookies.
Happy Holidays!
Dndorks Webmaster
http://dndorks.com/
TopWebcomics Webmaster
http://topwebcomics.com/
USFbobFL
Member
195 Points
39 Posts
Re: Login control [remember me] cookie non-persistent
Jan 02, 2006 04:17 PM|LINK
Thanks, Richard. Your suggestion was the verified solution. After adding this to web.config, my cookie has persisted after 8 hours. I have no reason to belive that this post can be marked as resolved... for good this time.