troubleshooting Question

ASP.Net persistent cookie not working

Avatar of senior_internet
senior_internet asked on
C#ASP.NETWeb Applications
2 Comments1 Solution2713 ViewsLast Modified:
Hi all,

We are using a standard Asp.net Login control to authenticate users in a web
application. We have allowed the 'remember me' checkbox to be displayed. We
have set the the cookie timeout  (in the forms element of the web.config) to
be 525600 (1 year). The cookie seems to be working initially but after a
certain amount of time (a day or two, it seems to vary), the application
stops remembering us and prompts us to log in again. The strange thing is
that the cookie still exists on the client machine and has an expiry date of
a year from now so why would the application not be recognising it? I thought it might be the machine key changing that was stopping the cookie from being decoded properly so I manually enetered a machine key into the web.config. Unfortunately that made no difference.

I'm running on IIS version 6 using Asp.net v2.0.

Here's the entire authentication section of the web.config

  <authentication mode="Forms">
       <forms name=".ASPXAUTH"
                   protection="All"
                   timeout="525600"
                   path="/"
                   requireSSL="false"
                   slidingExpiration="true"
                   cookieless="UseDeviceProfile"
                   loginUrl="~/UserAccount/Login.aspx"
defaultUrl="~/Default.aspx"/>
  </authentication>

Here's the section of the web.config that sets the machine key (which seems to make no difference)

      <system.web>
            <machineKey validationKey="106DF81D159AD13D9...........154F064EE22EF779E845C"            decryptionKey="0D8DACE284231159C78AB6937480.......FFD0A8D8"
                  validation="SHA1"
                  decryption="AES" />

Here's the login control converted to a template:

    <asp:Login ID="login1" runat="server">
        <LayoutTemplate>
           <div class="list_form">
                <asp:Label ID="UserNameLabel" runat="server"
                                  AssociatedControlID="UserName">
                    <span>User Name:</span>
                    <asp:TextBox ID="UserName" runat="server"></asp:TextBox>
                    <asp:RequiredFieldValidator ID="UserNameRequired"
runat="server"
                                                                        ControlToValidate="UserName"
                                                                        ErrorMessage="User
Name is required."
                                                                        ToolTip="User
Name is required."
                                                                        ValidationGroup="login"
                                                                        Display="Dynamic">*</asp:RequiredFieldValidator>
                </asp:Label>
                <div class="clear"></div>
                <asp:Label ID="PasswordLabel" runat="server"
                                  AssociatedControlID="Password">
                    <span>Password:</span>
                    <asp:TextBox ID="Password" runat="server"
TextMode="Password"></asp:TextBox>
                    <asp:RequiredFieldValidator ID="PasswordRequired"
runat="server"
                                                                ControlToValidate="Password"
                                                                ErrorMessage="Password
is required."
                                                                ToolTip="Password
is required."
                                                                ValidationGroup="login"
                                                                Display="Dynamic">*</asp:RequiredFieldValidator>
                </asp:Label>

                <div class="clear"></div>
                <asp:Label ID="Label1" runat="server" AssociatedControlID="RememberMe">
                    <span>Remember me</span>
                    <asp:CheckBox ID="RememberMe" runat="server" />
                </asp:Label>

                <asp:Literal ID="FailureText" runat="server"
EnableViewState="False"></asp:Literal>
                <div class="buttons">
                    <asp:Button ID="LoginButton" runat="server" CommandName="Login" Text="Log In" ValidationGroup="login" />
                </div>
           </div>
      </LayoutTemplate>
    </asp:Login>

And here's a summary of the cookie content as displayed by firefox even when the site is asking me to log in.

Name      .ASPXAUTH
Value      60BCF4E7E052FE454EC......7AF74
Host      our.website.co.uk
Path      /
Secure      No
Expires      Fri, 12 Sep 2009 10:03:16 GMT

Is there anything I could be missing here that would make the application ignore this cookie?

Many Thanks,

Chris.
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 2 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 2 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros