Trying to get persistent login to work

I'm trying to implement a Remember Me checkbox on my login form that when checked, remembers the users login and password so next time they visit the site they don't have to log in. It doesn't work. Whether I visit another site then come back or close the browser and open a new one to go back to the site, the login page always comes up. Can anyone see where I've gone wrong here? ----------- Here's the VB code -------------

<script runat="server">
    Sub Login_Click(Src as Object, E as EventArgs)
	'store NRDS # in Session variable
	Session.Contents("MAJOR_KEY") = MAJOR_KEY.Text
	'establish ADO.Net connection
	Dim strConn As String = ConfigurationSettings.AppSettings("ConnectionString")
	'sql to get user info
	Dim strSql as String = "SELECT USERNAME, PASSWORD FROM [member] WHERE (USERNAME = '" + USERNAME.Text + "') AND (PASSWORD = '" + PASSWORD.Text + "')"
	Dim objConn as New SqlConnection(strConn)
	Dim objCommand as New SqlCommand(strSql, objConn)
	Dim objDataReader as SqlDataReader
	objConn.Open() 'open the connection
	'open the DataReader to access data
	objDataReader = objCommand.ExecuteReader(CommandBehavior.CloseConnection)
	If PASSWORD.Text="1234" then
                                response.write ("You must register and change your password to access the members area.")
	Else
		If objDataReader.Read() = True Then 'USERNAME/PASSWORD match, verify again
			If objDataReader("USERNAME") = USERNAME.Text And objDataReader("PASSWORD") = PASSWORD.Text Then
			FormsAuthentication.RedirectFromLoginPage(USERNAME.Text, RememberMe.Checked) 'authenticate login, redirect to default page
			Session.Contents("loginFail") = "N" 'this won't be used if successful login
			Response.Redirect("members/default.aspx") 'send user to main page with their customized selections
		Else
			Session.Contents("loginCount") += 1 'login failed increment counter
			objDataReader.Close() 'clean up close datareader
			objConn.Close() 'clean up close ado.net connection
			Session.Contents("loginFail") = "Y" 'set variable for lockout page
			Response.Redirect("index.aspx") 'redirect to login again
		End If
	Else
                                Session.Contents("loginFail") = "Y" 'set variable for lockout page
		Response.Write("Invalid NRDS # or Password. Please Try again.")
	End If
End If
objDataReader.Close() 'clean up
objConn.Close()
End Sub
</script>

----------- Here's the form: ------------

Member Login
<div align="left">NRDS #: </div>
<div class="body" align="left">Password: </div>
Remember passwords are CASE sensitive
<div class="body" align="left">Remember Login: </div>
<div align="right"> </div>	<input style="DISPLAY: none" type="text" /> <input id="Reset1" type="reset" value="Reset" name="Reset1" runat="server" />
You must register in order to gain access to the members section. Register Now

This site requires

</form>

-------- And here are the key parts of my web.config file -----------


<forms name=".theDefault" 
  loginUrl="members/login.aspx" 
  path="/" 
  protection="All" 
  timeout="15" >
</forms>

Re: Trying to get persistent login to work

Without actually running your code (hence being lazy :-) ), couple of things to check: * Check the value of RememberMe.Checked to be sure it really comes back as true. * Double-check that your browser is accepting cookies. (After running this code, look at your cookie store and see if the server has written one out.) If those things aren't the problem, I'll try running your code ... ;-)

Re: Trying to get persistent login to work

Mikepope, Thanks for your reply. I checked both of those things and all looks as it should. RememberMe.Checked does return as true, and cookie is being written. Any other thoughts...? Thanks

Re: Trying to get persistent login to work

Well, bad news, it seems -- it works ok for me. This is how I tested: 1) Create a members folder under the root. 2) Put a default.aspx page in it. 3) Put login.aspx in the members folder. 4) Add sections to web.config. 5) In browser, ask for localhost/site/members. ASP.NET displays the login page. 6) Enter login credentials, click Remember Me, click Login. Default.aspx page is displayed. 7) Close browser. 8) In browser, ask for localhost/site/members. This time, ASP.NET displays the default.aspx w/o a login. 9) Delete cookie for my site. 10) In browser, ask for localhost/site/members. ASP.NET displays the login page. 11) Enter login creds, do not check Remember Me, click Login. Default.aspx page is displayed. 12) Close browser. 13) Open browser, ask for localhost/site/members. ASP.NET displays the login page. This is the expected the behavior, I believe. Just so you can see what I was testing, I attached the slightly modified logintest.aspx page that I was using. What I would do next is to create a very simple login page and protected page and try to whittle the scenario down to its bare essentials. (For instance, in the test scenario, just hardcode a username and password.) The idea would be to see if there's something inherently wrong with Forms authentication on your site or whether it involves some application bug in your current app. Just a thought. ===============

<script runat="server">
Sub Login_Click(Src as Object, E as EventArgs)
   'store NRDS # in Session variable
   Session.Contents("MAJOR_KEY") = MAJOR_KEY.Text


   Dim strConn As String = ConfigurationSettings.AppSettings("ConnectionString")
   Dim strSql as String = "SELECT USERNAME FROM [Users] WHERE (USERNAME = '" + USERNAME.Text + "')"
   Dim objConn as New SqlConnection(strConn)
   Dim objCommand as New SqlCommand(strSql, objConn)
   Dim objDataReader as SqlDataReader
   objConn.Open() 'open the connection
   objDataReader = objCommand.ExecuteReader(CommandBehavior.CloseConnection)
   

   If PASSWORD.Text="1234" then
        response.write ("You must register and change your password to access the members area.")
   Else
       If objDataReader.Read() = True Then 'USERNAME/PASSWORD match, verify again
          If objDataReader("USERNAME") = USERNAME.Text Then
            FormsAuthentication.RedirectFromLoginPage(USERNAME.Text, RememberMe.Checked)   'authenticate login, redirect to default page
            Session.Contents("loginFail") = "N" 'this won't be used if successful login
            Response.Write("login successful")
            Response.Redirect("default.aspx")   'send user to main page with their customized selections
          Else
            Session.Contents("loginCount") += 1 'login failed increment counter
            objDataReader.Close() 'clean up close datareader
            objConn.Close()   'clean up close ado.net connection
            Session.Contents("loginFail") = "Y" 'set variable for lockout page
            Response.Write("login failed")
            'Response.Redirect("index.aspx")   'redirect to login again
          End If
      Else
         Session.Contents("loginFail") = "Y" 'set variable for lockout page
         Response.Write("Invalid NRDS # or Password. Please Try again.")
      End If
   End If
   objDataReader.Close() 'clean up
   objConn.Close()
End Sub
</script>




<form id="frmLogin" name="frmLogin" runat="server">
   
   
   
   
       Member Login
   
   
      
         <div align="left">NRDS #: </div>
      
      
         
      
   
   

   
       <div class="body" align="left">User name:</div>
      
         
      
   


   
       <div class="body" align="left">Password:</div>
      
         
      
   
   

   
      
         Remember passwords are CASE sensitive
      
   
   

   
       <div class="body" align="left">
         Remember Login: </div>
      
      
         
      
   
   

   
      
         <div align="right">
            
         </div>
      
      
         <input style="DISPLAY: none" type="text" />
         <input id="Reset1" type="reset" value="Reset" name="Reset1" runat="server" />
      
   
   

   
      
         
 You must register in order to

         gain access to the members section. 


         
 Register Now 

      
   
   
   
   

   
This site requires

      <asp:HyperLink
      	id="flash"
      	runat="server"
      	Target="_blank"
      	NavigateUrl="http://www.macromedia.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash">
      
      
         
      
   


</form>

Re: Trying to get persistent login to work

Thanks, I had a feeling it would work correctly. Must be something else going on here. I'll take the steps you recommended. Thanks for your help.