?
Solved

Forms authentication ticket seems to expire pre-maturely and kick out the user

Posted on 2012-08-13
14
Medium Priority
?
1,476 Views
Last Modified: 2012-09-05
Although I set the timeout to 60 or 1440, it seems the user gets logged out in few minutes, may be 20-30 mts.

Any suggestions would be great.HOw canI start debugging this issue?

    <sessionState mode="InProc" stateConnectionString="tcpip=something" sqlConnectionString="data source=something;Trusted_Connection=yes" cookieless="false" timeout="60" />
      <forms name=".DSA" loginUrl="frmStartLogin.aspx" defaultUrl="/frmStart.aspx" protection="All" timeout="1440" path="/" slidingExpiration="true" />
 Dim tkt As FormsAuthenticationTicket
            Dim cookiestr As String
            Dim ck As HttpCookie
            Dim intTimeoutMinutes As Integer = 1
            Dim intRtn As Integer = 1

            Try
                'set cookie timout period based on isPersistent
                If isPersistent Then
                    intTimeoutMinutes = 43200 '30 days
                Else
                    intTimeoutMinutes = 60
                End If
                'create auth cookie
                tkt = New FormsAuthenticationTicket(1, strUserName, DateTime.Now(), DateTime.Now.AddMinutes(intTimeoutMinutes), isPersistent, strUserName)
                cookiestr = FormsAuthentication.Encrypt(tkt)
                ck = New HttpCookie(FormsAuthentication.FormsCookieName(), cookiestr)
                If isPersistent Then
                    ck.Expires = tkt.Expiration
                End If
                ck.Path = FormsAuthentication.FormsCookiePath()
                'write auth cookie to client PC
                System.Web.HttpContext.Current.Response.Cookies.Add(ck)
               
            Catch ex As Exception
                intRtn = -1
            End Try
0
Comment
Question by:TrialUser
12 Comments
 
LVL 83

Expert Comment

by:CodeCruiser
ID: 38291367
Why are you creating the cookies yourself? Forms authentication creates and manages the cookies for you.
0
 

Author Comment

by:TrialUser
ID: 38291677
You mean just this would do it :
      FormsAuthentication.SetAuthCookie(strUserName, False) ?
0
 

Author Comment

by:TrialUser
ID: 38293248
Ok, with my original code, it works in the local. However when I published it does not work in the production environment. The timeout does not take its minutes from the Web.config or what is set in the code.

Is there any setting in the IIS 7? Thanks
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
LVL 83

Accepted Solution

by:
CodeCruiser earned 2000 total points
ID: 38293334
No it takes its settings from web.config. You are sure there is only one? Any other errors being generated? Changes to config, dlls etc also reset session.
0
 

Author Comment

by:TrialUser
ID: 38293644
I was getting this error :.
The error I got is :
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
0
 

Author Comment

by:TrialUser
ID: 38293647
<authentication mode="Forms">
      <forms name=".DSA" loginUrl="frmStartLogin.aspx" defaultUrl="/frmStart.aspx" protection="All" timeout="1440" path="/" slidingExpiration="true" />
    </authentication>
0
 
LVL 83

Expert Comment

by:CodeCruiser
ID: 38293825
Is that on a particular page or all pages? Do you have only one web.config in the whole of your site?
0
 

Author Comment

by:TrialUser
ID: 38294188
There  is only web.config file.
0
 

Author Comment

by:TrialUser
ID: 38310111
I re-wrote the code. Stripped out the code where I create the forms authentication cookie and did this  still does not work. Makes me think somethng is wrong in the IIS 7 configuration. Please suggest. I really need to get this resolved asap. Any help will be rgeatly appreciated, Thanks
  FormsAuthentication.RedirectFromLoginPage(strUserName, isPersistent)
authentication mode="Forms">
        <forms loginUrl="frmstartlogin.aspx" name=".ASPXFORMSAUTH" defaultUrl="frmstart.aspx" path="/" timeout="35">
        </forms>
      </authentication>
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"  timeout="20"/><sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"  timeout="20"/>
0
 
LVL 26

Expert Comment

by:Alan Warren
ID: 38310288
subscribed
0
 
LVL 13

Expert Comment

by:Rahul Agarwal
ID: 38310654
Have you try this

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket
(
   1, // version
   txtEmail.Text, // name
   DateTime.Now, // issueDate
   DateTime.Now.AddMinutes(30), // expiration
   false, // isPersistent
   roles, // userData
   FormsAuthentication.FormsCookiePath // cookiePath
 );

Reference:
http://weblogs.asp.net/owscott/archive/2006/07/15/Forms-Authentication-Timeout.aspx
0
 
LVL 15

Expert Comment

by:rajeeshmca
ID: 38310816
Hi,

Check the AppPool assigned for the website in the IIS.

Right Click on the assigned AppPool and click "Advanced Settings"

In that check for "Idle Timeout - Minutes" under the process Model..



Regards
Rajeesh
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

CTAs encourage people to do something specific to show interest in your company, product or service. Keep reading to learn why CTAs should always be thought of as extremely important, albeit small, sections of websites.
Ready to get certified? Check out some courses that help you prepare for third-party exams.
This video teaches users how to migrate an existing Wordpress website to a new domain.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question