asked on

ASP.Net persistent cookie not working

Hi all,

We are using a standard Asp.net Login control to authenticate users in a web
application. We have allowed the 'remember me' checkbox to be displayed. We
have set the the cookie timeout (in the forms element of the web.config) to
be 525600 (1 year). The cookie seems to be working initially but after a
certain amount of time (a day or two, it seems to vary), the application
stops remembering us and prompts us to log in again. The strange thing is
that the cookie still exists on the client machine and has an expiry date of
a year from now so why would the application not be recognising it? I thought it might be the machine key changing that was stopping the cookie from being decoded properly so I manually enetered a machine key into the web.config. Unfortunately that made no difference.

I'm running on IIS version 6 using Asp.net v2.0.

Here's the entire authentication section of the web.config

<authentication mode="Forms">
<forms name=".ASPXAUTH"
protection="All"
timeout="525600"
path="/"
requireSSL="false"
slidingExpiration="true"
cookieless="UseDeviceProfile"
loginUrl="~/UserAccount/Login.aspx"
defaultUrl="~/Default.aspx"/>
</authentication>

Here's the section of the web.config that sets the machine key (which seems to make no difference)

      <system.web>
            <machineKey validationKey="106DF81D159AD13D9...........154F064EE22EF779E845C"            decryptionKey="0D8DACE284231159C78AB6937480.......FFD0A8D8"
                  validation="SHA1"
                  decryption="AES" />

Here's the login control converted to a template:

<asp:Login ID="login1" runat="server">
<LayoutTemplate>
<div class="list_form">
<asp:Label ID="UserNameLabel" runat="server"
AssociatedControlID="UserName">
<span>User Name:</span>
<asp:TextBox ID="UserName" runat="server"></asp:TextBox>
<asp:RequiredFieldValidator ID="UserNameRequired"
runat="server"
ControlToValidate="UserName"
ErrorMessage="User
Name is required."
ToolTip="User
Name is required."
ValidationGroup="login"
Display="Dynamic">*</asp:RequiredFieldValidator>
</asp:Label>
<div class="clear"></div>
<asp:Label ID="PasswordLabel" runat="server"
AssociatedControlID="Password">
<span>Password:</span>
<asp:TextBox ID="Password" runat="server"
TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="PasswordRequired"
runat="server"
ControlToValidate="Password"
ErrorMessage="Password
is required."
ToolTip="Password
is required."
ValidationGroup="login"
Display="Dynamic">*</asp:RequiredFieldValidator>
</asp:Label>

<div class="clear"></div>
<asp:Label ID="Label1" runat="server" AssociatedControlID="RememberMe">
<span>Remember me</span>
<asp:CheckBox ID="RememberMe" runat="server" />
</asp:Label>

<asp:Literal ID="FailureText" runat="server"
EnableViewState="False"></asp:Literal>
<div class="buttons">
<asp:Button ID="LoginButton" runat="server" CommandName="Login" Text="Log In" ValidationGroup="login" />
</div>
</div>
</LayoutTemplate>
</asp:Login>

And here's a summary of the cookie content as displayed by firefox even when the site is asking me to log in.

Name      .ASPXAUTH
Value      60BCF4E7E052FE454EC......7AF74
Host      our.website.co.uk
Path      /
Secure      No
Expires      Fri, 12 Sep 2009 10:03:16 GMT

Is there anything I could be missing here that would make the application ignore this cookie?

Many Thanks,

Chris.

ripahoratiu

Hmmm nothing seems to be wrong....
1. Is this behavior the same. regardless of browser?
2. If you're using two different machines do they "lose" their cookie (ask for authentication) at the same time?
I think this looks like a server restart...

ASKER CERTIFIED SOLUTION

senior_internet

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial