Solved

Persistent Cookie for Login not working

Posted on 2006-06-21
8
340 Views
Last Modified: 2008-02-26
The remember me feature for login is not working for me.  All other aspects seem to work fine.  When the timeout expires it makes me log in again.  I was under the impression that entering "True" in the redirectfromlogin would set a persistant cookie that overrides the timeout.  What am I doing wrong?



Here is the relevant web config
**************************************
 <authentication mode="Forms">
        <forms loginUrl="admin/login.aspx" name="UCLGN" timeout="1" protection="All" ></forms>
      </authentication>


 <location path="admin">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
************************************

I set the timeout to 1 to exagerate the problem for testing.

Here is my login page code
************************************
 Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        If Not IsPostBack Then
            FormsAuthentication.SignOut()
        End If
    End Sub


    Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim conn As New SqlConnection(ConfigurationManager.ConnectionStrings("UC").ConnectionString)
        Dim cmd As New SqlCommand("SELECT * FROM vUsers WHERE username = @username and password = @password", conn)
        cmd.Parameters.AddWithValue("@username", Me.txtUserName.Text)
        cmd.Parameters.AddWithValue("@password", Me.txtPassword.Text)
        conn.Open()
        Dim dtr As SqlDataReader = cmd.ExecuteReader(CommandBehavior.CloseConnection)
        If dtr.Read Then
            FormsAuthentication.RedirectFromLoginPage(dtr("idUser"), Me.chkRememberMe.Checked)
        Else
            Me.lblLoginMessage.Text = "Invalid Login"
        End If
    End Sub

0
Comment
Question by:dbashley1
  • 3
  • 2
8 Comments
 
LVL 27

Expert Comment

by:Sammy
ID: 16952356
looks like you are missing the cookie path in your web.config

<authentication mode="Forms">
        <forms loginUrl="admin/login.aspx" name="UCLGN" timeout="1" path="/" protection="All" ></forms>
      </authentication>

HTH
0
 

Author Comment

by:dbashley1
ID: 16952689
sammy,

I added that...it didn't seem to make a difference.

0
 

Author Comment

by:dbashley1
ID: 16952939
In my temp internet files I see a single cookie with an expiration one minute after creation.  Should there be another cookie for the persistant feature?
0
 

Author Comment

by:dbashley1
ID: 16953317
I found this article.....
http://blogs.msdn.com/dansellers/archive/2006/02/15/532359.aspx

Indicating that in 2.0  both the session and persistant cookie timeout is controled by the timout value in your web config.

0
 
LVL 27

Accepted Solution

by:
Sammy earned 250 total points
ID: 16957347
dbashley,
in asp.net 2.0 setting authentication cookie without a sliding expiration will cause the framework to create a cookie using something like this DateTime.Now.AddMinutes(T), where T is the time you have configured in your web.config as the timeout time.  if you omitted that you would default to 30 minutes

I would clear the temp file completely, login and check it out see if the cookie have been written, another option is to use a different browser for testing purposes.

Regards
Sammy
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Execute Stored Procedure for a set of values 5 42
Disable and re-enable a dynamic System.Timers.Timer 6 40
Tool Box 2 35
Syntax Error 2 45
In .NET 2.0, Microsoft introduced the Web Site.  This was the default way to create a web Project in Visual Studio 2005.  In Visual Studio 2008, the Web Application has been restored as the default web Project in Visual Studio/.NET 3.x The Web Si…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now