How to keep user logged in until they log out.

Sheritlw
Sheritlw used Ask the Experts™
on
I have an asp.net 3.5 application where I need to keep the user logged in until they actually click the log out button.
I have searched the internet, but couldn't find a clear answer.
I use forms authentication, but do not use the login control.  
From what I understand, expanding the session time, will bog down the system if there are a lot of users.  Most of the sites I've visited suggest setting a cookie.  
What would be the best way to keep a user logged in and how would I implement it?

Thank you,

###Web.config
<sessionState mode="InProc" cookieless="AutoDetect"  timeout="60"/>
<authentication mode="Forms">
   <forms loginUrl="Login.aspx" cookieless="AutoDetect" timeout="60" defaultUrl="/Stylist/Client_Services.aspx"/>
</authentication>

###Login Form
   Protected Sub LoginButton_Click(ByVal sender As Object, ByVal e As System.EventArgs)
        If Membership.ValidateUser(txtUserName.Text, txtPassword.Text) Then
            If Me.RememberMe.Checked Then
                Dim authTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(txtUserName.Text, True, (12 * 60))
                Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)
                Dim cookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
                cookie.Expires = authTicket.Expiration
                HttpContext.Current.Response.Cookies.Set(cookie)
            End If
            FormsAuthentication.SetAuthCookie(txtUserName.Text, False)
            Response.Redirect("/Stylist/Redirecting.aspx?NewStylist=" & Me.HiNewStylist.Value.ToString & "")
        Else
            Alert.Show("The email and/or password is incorrect.  Please retype your login information or click Register for a new account below.")
        End If
    End Sub

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Hi,
There are different ways to keep the user logged on.
As you know that sessions are not recommended, you can either use cookies or database to store users login information.

If you want to implement it via cookies then you can do like this:

Writing Cookies:

Response.Cookies("userName").Value = "patrick"
Response.Cookies("userName").Expires = DateTime.Now.AddDays(1)

Dim aCookie As New HttpCookie("lastVisit")
aCookie.Value = DateTime.Now.ToString()
aCookie.Expires = DateTime.Now.AddDays(1)
Response.Cookies.Add(aCookie)


Reading Cookies:

If Not Request.Cookies("userName") Is Nothing Then
    Label1.Text = Server.HtmlEncode(Request.Cookies("userName").Value)
End If

If Not Request.Cookies("userName") Is Nothing Then
    Dim aCookie As HttpCookie = Request.Cookies("userName")
    Label1.Text = Server.HtmlEncode(aCookie.Value)
End If

You can read more about this over here:

http://msdn.microsoft.com/en-us/library/ms178194.aspx

Author

Commented:
Is there somewhere that I need to read this cookie?  Like in session timeout?

Thanks
you can check for the cookie at the time of validation of user login.
Here are few articles that will provide more options to decide:-

http://msdn.microsoft.com/en-us/magazine/cc300437.aspx
http://www.codeproject.com/Articles/31914/Beginner-s-Guide-To-ASP-NET-Cookies
Learn Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

Author

Commented:
Great articles!  I started reading but it will take me a while to grasp...
So until I can understand how do to keep users logged in whether they close the browser or not, how can I just make sure users stay logged in until they either logout or close the browser?  
This application is for hair stylists and there will be a lot of times when the program will be idle, but the page still displayed.  I need to make sure that they are able to quickly go back to where they were when they need to use application.
How can I do this?
Thanks
did you ever see how google does this for you. even if you close the browser, next time when you open it, you will be logged in.

Its cookies mate....
That will give you what you need....

Author

Commented:
Yes, I understand that I just don't know how to implement it.

I know in my login form I place code similiar to...

Response.Cookies("userName").Value = "patrick"
Response.Cookies("userName").Expires = DateTime.Now.AddDays(1)

Dim aCookie As New HttpCookie("lastVisit")
aCookie.Value = DateTime.Now.ToString()
aCookie.Expires = DateTime.Now.AddDays(1)
Response.Cookies.Add(aCookie)

Open in new window


But since I use sessions, what do I do to keep them logged in.  Won't the system log them out when the session expires?

BTW - I am female:-)

Thanks
when user clicks the login button, i will authenticate the user, create a unique token for the authenticated user, encrypt it and store it on client side cookie.

Next on each page i would read the cookie, send the same to server to authenticate the user. you can also store the expiry date in cookies as per your needs or you can make the cookie persist till the time user logs out manually from your website.

BTW this is the method used by FB or GMAIL...
Try reading the msdn article in details, i m sure it will help you...

Cheers...

Author

Commented:
I read the MSDN article, it was very interesting, but it was written in 2003.
I am using asp.net 3.5 and from what I understand there are other ways to accomplish this.
In less than an hour, I start paying someone to start beta testing this application.
I really need to get this working right now.
Can you please provide an example of what I need to do?

Thanks

Commented:
You could try the method in example code
below, which uses "setInterval" to refresh
a connection to your secure site every 10
minutes (600,000 milliseconds)

Just place a small .gif file "image_file.gif" on your web site
<script type="text/javascript"> 

window.onload = function() {
  setInterval ("refresh_conn( )", 600000 ); // run refresh_conn( ) function every 10 mins
}

function refresh_conn( ) {
 var image1 = new Image();
    image1.src = "https://yoururl/image_file.gif";
    }
</script>

Open in new window

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial