We help IT Professionals succeed at work.

Forms authentication ticket seems to expire pre-maturely and kick out the user

Although I set the timeout to 60 or 1440, it seems the user gets logged out in few minutes, may be 20-30 mts.

Any suggestions would be great.HOw canI start debugging this issue?

    <sessionState mode="InProc" stateConnectionString="tcpip=something" sqlConnectionString="data source=something;Trusted_Connection=yes" cookieless="false" timeout="60" />
      <forms name=".DSA" loginUrl="frmStartLogin.aspx" defaultUrl="/frmStart.aspx" protection="All" timeout="1440" path="/" slidingExpiration="true" />
 Dim tkt As FormsAuthenticationTicket
            Dim cookiestr As String
            Dim ck As HttpCookie
            Dim intTimeoutMinutes As Integer = 1
            Dim intRtn As Integer = 1

            Try
                'set cookie timout period based on isPersistent
                If isPersistent Then
                    intTimeoutMinutes = 43200 '30 days
                Else
                    intTimeoutMinutes = 60
                End If
                'create auth cookie
                tkt = New FormsAuthenticationTicket(1, strUserName, DateTime.Now(), DateTime.Now.AddMinutes(intTimeoutMinutes), isPersistent, strUserName)
                cookiestr = FormsAuthentication.Encrypt(tkt)
                ck = New HttpCookie(FormsAuthentication.FormsCookieName(), cookiestr)
                If isPersistent Then
                    ck.Expires = tkt.Expiration
                End If
                ck.Path = FormsAuthentication.FormsCookiePath()
                'write auth cookie to client PC
                System.Web.HttpContext.Current.Response.Cookies.Add(ck)
               
            Catch ex As Exception
                intRtn = -1
            End Try
Comment
Watch Question

CERTIFIED EXPERT
Most Valuable Expert 2012
Top Expert 2014

Commented:
Why are you creating the cookies yourself? Forms authentication creates and manages the cookies for you.

Author

Commented:
You mean just this would do it :
      FormsAuthentication.SetAuthCookie(strUserName, False) ?

Author

Commented:
Ok, with my original code, it works in the local. However when I published it does not work in the production environment. The timeout does not take its minutes from the Web.config or what is set in the code.

Is there any setting in the IIS 7? Thanks
CERTIFIED EXPERT
Most Valuable Expert 2012
Top Expert 2014
Commented:
No it takes its settings from web.config. You are sure there is only one? Any other errors being generated? Changes to config, dlls etc also reset session.

Author

Commented:
I was getting this error :.
The error I got is :
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

Author

Commented:
<authentication mode="Forms">
      <forms name=".DSA" loginUrl="frmStartLogin.aspx" defaultUrl="/frmStart.aspx" protection="All" timeout="1440" path="/" slidingExpiration="true" />
    </authentication>
CERTIFIED EXPERT
Most Valuable Expert 2012
Top Expert 2014

Commented:
Is that on a particular page or all pages? Do you have only one web.config in the whole of your site?

Author

Commented:
There  is only web.config file.

Author

Commented:
I re-wrote the code. Stripped out the code where I create the forms authentication cookie and did this  still does not work. Makes me think somethng is wrong in the IIS 7 configuration. Please suggest. I really need to get this resolved asap. Any help will be rgeatly appreciated, Thanks
  FormsAuthentication.RedirectFromLoginPage(strUserName, isPersistent)
authentication mode="Forms">
        <forms loginUrl="frmstartlogin.aspx" name=".ASPXFORMSAUTH" defaultUrl="frmstart.aspx" path="/" timeout="35">
        </forms>
      </authentication>
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"  timeout="20"/><sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"  timeout="20"/>
Alan WarrenApplications Developer

Commented:
subscribed
Rahul AgarwalTeam Leader
CERTIFIED EXPERT

Commented:
Have you try this

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket
(
   1, // version
   txtEmail.Text, // name
   DateTime.Now, // issueDate
   DateTime.Now.AddMinutes(30), // expiration
   false, // isPersistent
   roles, // userData
   FormsAuthentication.FormsCookiePath // cookiePath
 );

Reference:
http://weblogs.asp.net/owscott/archive/2006/07/15/Forms-Authentication-Timeout.aspx
CERTIFIED EXPERT

Commented:
Hi,

Check the AppPool assigned for the website in the IIS.

Right Click on the assigned AppPool and click "Advanced Settings"

In that check for "Idle Timeout - Minutes" under the process Model..



Regards
Rajeesh

Explore More ContentExplore courses, solutions, and other research materials related to this topic.