Last post Mar 24, 2016 03:33 AM by asplearning
Mar 23, 2016 02:48 AM|asplearning|LINK
Hello everyone, I have an issue with form authentication. I want to create remember me functionality. Things seems to work fine cause I can see that the ASPXAUTH cookie is created and the expiry date is one month from now. But for some reason after some
time leaving my browser idle, I need to log in again. I am not sure why.
Any idea how I can fix this?
Mar 23, 2016 08:14 AM|Nirali Maniar|LINK
I use this code and its working fine.
protected void Page_Load(object sender, EventArgs e)
if (Request.Cookies["username"] != null)
txtUID.Text = Request.Cookies["username"].Value;
protected void btnlogin_Click(object sender, EventArgs e)
if (chkRemember.Checked == true)
Response.Cookies["username"].Value = txtUID.Text;
Response.Cookies["username"].Expires = DateTime.Now.AddDays(30);
Response.Cookies["password"].Value = txtPWD.Text;
Response.Cookies["password"].Expires = DateTime.Now.AddDays(30);
Mar 23, 2016 10:19 AM|asplearning|LINK
Nirali thanks for the reply. I was thinking about this also but the problem with that is security. The username and password will be stored in the cookie as plain text so if someone wants to check it, they can steal it very easily.
Mar 23, 2016 10:32 AM|mqingqign123|LINK
this may caused by cookie path.
eg. the root site is www.asp.net and sub virtual path is www.asp.net/bbs
if you create cookie in /bbs directory, you can see cookie, but, it is not valid for
so, you can try set cookiepath="/" in web.config, at the same time, set timeout this will set cookie time
sorry, I forget timeout unit.
<authentication mode="Forms" >
<forms path="/" timeout="200"></forms>
by default, if you close browser, the cookie will will expire. so you need set timeout, this will keep cookie
Mar 23, 2016 10:57 AM|Nirali Maniar|LINK
if (chkRemember.Checked == true)
//clear any other tickets that are already in the response
//set the new expiry date – to thirty days from now
DateTime expiryDate = DateTime.Now.AddDays(30);
//create a new forms auth ticket
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2, txtUID.Text, DateTime.Now, expiryDate, true, String.Empty);
//encrypt the ticket
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
//create a new authentication cookie – and set its expiration date
HttpCookie authenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
authenticationCookie.Expires = ticket.Expiration;
//add the cookie to the response.
Mar 23, 2016 11:27 AM|asplearning|LINK
I will give it a try and get back to you, mqingqign123. I have tried many things but not the one you mentioned. By the way, the unit of timeout is minute.
Mar 24, 2016 03:33 AM|asplearning|LINK
Thank you for all the replies. I think I found out the reason after a few days of digging. The reason that my authentication cookie does't work is because the timeout. Although I added 30 days to make the authentication cookie last longer but when the timeout
is up a new machine key is generated and as a result, the cookie can't be decrypted. So what I did is to set a static machine key in my web.config file. Here is how to generate and apply it to the web.config file.
If you got internal server error, please have a look at this link, you need to add compatibilityMode="Framework20SP1" in the machine key configuration in web.config. Please have a look at this link
Hope it helps others too.