• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1236
  • Last Modified:

forms authentication cookie expiration shows : At the end of session

When I open my website and Go to Developer tools (on IE9)
and view cookies I see

The cookie name I set for the forms autentication cookie, but the Expiration shows : At the end of the session. How can I make the cookie expire on the time I set in code here

<forms name=".dsa" loginUrl="frmStartLogin.aspx"  domain =".wsifb.com" defaultUrl="frmStart.aspx" protection="All" timeout="60" path="/" slidingExpiration="true"/>

  If isPersistent Then
                    intTimeoutMinutes = 43200 '30 days
                Else
                    intTimeoutMinutes = 1440
                End If
                'create auth cookie
                tkt = New FormsAuthenticationTicket(1, strUserName, DateTime.Now(), DateTime.Now.AddMinutes(intTimeoutMinutes), isPersistent, strUserName)
                cookiestr = FormsAuthentication.Encrypt(tkt)
                ck = New HttpCookie(FormsAuthentication.FormsCookieName(), cookiestr)
                If isPersistent Then
                    ck.Expires = tkt.Expiration
                End If
                ck.Path = FormsAuthentication.FormsCookiePath()
                'write auth cookie to client PC
                System.Web.HttpContext.Current.Response.Cookies.Add(ck)
0
TrialUser
Asked:
TrialUser
  • 7
  • 4
1 Solution
 
TrialUserAuthor Commented:
It seems like forms authentoication cookie is not created and only the session cookie is created. Please help.
0
 
TrialUserAuthor Commented:
I am wondering if the forms authentication cookie is even created. When I check f12 developer tools-? Cace->View cookies on IE9, I just see one cookie that shows set to expire at end of session. So I am wondeirng if this cookie is the forms authentication cookie? Please help
0
 
Alan WarrenCommented:
Hi TrialUser,

Wondering if you need to set the directive to use cookies in the forms section of the web.config.
<forms name=".dsa" loginUrl="frmStartLogin.aspx"  domain =".wsifb.com" cookieless="UseCookies" defaultUrl="frmStart.aspx" protection="All" timeout="60" path="/" slidingExpiration="true"/>

Open in new window


Alan ";0)
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
TrialUserAuthor Commented:
Alan, I tried your suggestion, that did not work.

Please suggest.
0
 
TrialUserAuthor Commented:
I re-wrote the code. Stripped out the code where I create the forms authentication cookie and did this  still does not work. Makes me think somethng is wrong in the IIS 7 configuration. Please suggest. I really need to get this resolved asap. Any help will be rgeatly appreciated, Thanks
  FormsAuthentication.RedirectFromLoginPage(strUserName, isPersistent)
authentication mode="Forms">
        <forms loginUrl="frmstartlogin.aspx" name=".ASPXFORMSAUTH" defaultUrl="frmstart.aspx" path="/" timeout="35">
        </forms>
      </authentication>
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"  timeout="20"/><sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"  timeout="20"/>
0
 
Alan WarrenCommented:
Hi TrialUser,

This works on my machine.
web.config  
 <authentication mode="Forms">
      <forms loginUrl="login.aspx" timeout="2880" cookieless="UseCookies" />
    </authentication>

Open in new window

Login1_LoggedIn:
   Protected Sub Login1_LoggedIn(ByVal sender As Object, ByVal e As System.EventArgs) Handles Login1.LoggedIn

        On Error GoTo ReportError

        Dim strErrMsg As String = ""

       FormsAuthentication.RedirectFromLoginPage(userName:=Login1.UserName, createPersistentCookie:=True)

    Dim i As Integer
    Dim output As String = ""
    Dim aCookie As HttpCookie
    For i = 0 To Request.Cookies.Count - 1
      aCookie = Request.Cookies(i)
      output &= "Cookie name = " & Server.HtmlEncode(aCookie.Name) & "<br>"
      output &= "Cookie value = " & Server.HtmlEncode(aCookie.Value) & "<br><br>"
    Next
    'Returns: "Cookie name = .ASPXANONYMOUS<br>Cookie value = thZxXvE4Slij4XV6B00UMKkPKWvnXeyn0UZ8a75myxQ810UjPg5y7eA36a9o2fNfiCb6iyU9qt-aOwsPHwDAny4OxkFWQFafJBz0oozVohA4kyoWlSNAsejsw80f2HLZLZpdGAowlkUcNrQyGfzB1s17P_c1<br><br>Cookie name = ASP.NET_SessionId<br>Cookie value = wjplswj2ggivjoujankvmgur<br><br>Cookie name = .ASPXAUTH<br>Cookie value = C55C6183B8D775153D23876F609D0C109297B329E69CCF119E41BD487A3C164FBD6005A6A80C06156B462E84F202526E50A83FC257ED3A2AAE312F353681324D40D4E2EBB63D52C8BEEDC467C2368CF98EE6F5C0F69912224CD06BDAB516B30C65B5698261F4EF26ABA8C2E03CDF2B88C37835B899685059F5F48426C2EB9317<br><br>Cookie name = .ASPXAUTH<br>Cookie value = 30D203C60EE8CBE09201C00DDB8E9D8922B359EEBD7873116BA94466D4E70D0A320EFE5860F401C38E2A09880A3FD3D72F24E73FF2EC5198C81CCD9B2246F8F3A6E88A20C8DE9C76A40C2D1101B8F4C653A92F1874F8A8664CE0B54C84EB3E712E10F2A0026A90E84C56BE98AAEC5D6C3CB90AF9D56AAADB50503AD40698A768<br><br>"



ExitProcedure:
        On Error Resume Next

        Exit Sub


ReportError:
        strErrMsg = "Error in login.aspx.Login1_LoggedIn()" _
              & vbCr & "Error number " & CStr(Err.Number) _
              & " was generated by " & Err.Source _
              & vbCr & vbCr & Err.Description

        Me.lblErrorMessage.Text = strErrMsg
        Me.lblErrorMessage.Visible = True

        Resume ExitProcedure

    End Sub

Open in new window

View Cookies with IE Developer Tools (after setting timeout in web.config to 60 :
Cookie Information - http://localhost/mysite/browse.aspx?a=1
NAME  .ASPXAUTH 
VALUE  547076860DF614260F3DB7058DB855E3BDD920F73900C5886C7B50627736F78815B32F9541BFD965A4AA075D6F227F700254BF4E873FF0817FC38B0076841942C8D06DF9ABE6BBF30A8B0F324EA351AA1D53D9BED5203DDAAA21B9A8A1153468F8CF1ED6F4DDC7ABB78559662F878FF8ECD746CE96FC92D7DE93BD57478E3673 
DOMAIN  localhost 
PATH  / 
EXPIRES  20/08/2012 9:42:03 AM 

Open in new window

Cookie Expires is correct!

Alan ";0)
0
 
TrialUserAuthor Commented:
I havere-added the tag cookieless="usecookies" in the web.config file. I dont see any cookie  information throught the Tools. I just see the first line cookie information for and the rest is blank.

1) I have published my app in debug mode. Would that make any difference?
0
 
TrialUserAuthor Commented:
I can see the cookie information on my browser when I login to any other website. But on my particular webite, now the cookie information is blank. Please help
0
 
TrialUserAuthor Commented:
The tag usecookies does not help.  Any other suggestions. It seems to be timing out when session times out.
0
 
Alan WarrenCommented:
Hi Trialuser,
Tested the same code and config as posted above on my live/production site, the result was the same, the .AXPXAUTH cookie timeout was exactly 35 minutes from when I logged in:
NAME  .ASPXAUTH 
VALUE  F6BF788716E57436BB9082E982A0824C524C92D66D36038B8954DAB4FFE595DFF1BD6843B9170C12B66813E205D0E4F30D8CBE0777A69107A8C28AEEF51890426E5C6E5E01E4158F01BA4B0A5177C8CAD3DB24CCA8D64202F4ADE810DB8B048550C13A47E9F15A55CD9AA781A09A8209DA646B400BE5F1FEB8078A7E8B54CB5F9E24B37E134E8508D48EB3387C7128B1 
DOMAIN  akojo.com 
PATH  / 
EXPIRES  20/08/2012 11:18:45 AM 

Open in new window

Can we have bigger peek at your web.config please?
Remove any connection info and any other sensitive stuff first though.

Wondering about (name=".ASPXFORMSAUTH" you are providing in the web.config, I don't provide a name and get .ASPXAUTH, but my authentication mode="Forms" is the same as yours.


Alan ";0)
0
 
Alan WarrenCommented:
Disregard my comment pertaining to name=".ASPXFORMSAUTH", makes no difference at all, live or local, the cookie gets created.
NAME  .ASPXAUTH 
VALUE  F6BF788716E57436BB9082E982A0824C524C92D66D36038B8954DAB4FFE595DFF1BD6843B9170C12B66813E205D0E4F30D8CBE0777A69107A8C28AEEF51890426E5C6E5E01E4158F01BA4B0A5177C8CAD3DB24CCA8D64202F4ADE810DB8B048550C13A47E9F15A55CD9AA781A09A8209DA646B400BE5F1FEB8078A7E8B54CB5F9E24B37E134E8508D48EB3387C7128B1 
DOMAIN  akojo.com 
PATH  / 
EXPIRES  20/08/2012 11:18:45 AM 

NAME  .ASPXFORMSAUTH 
VALUE  9666F3831A44E3492EBC21F764D227E60A1AC0E6A69F9AEA70A6E068057904F7E5EE4D7F80747D5A3452A37ECFE8FA0959AB5EA728E948FBBD0DCFCF8D14DE5F2C4DB0F89C3C1A583F79EECA79A640D6FCDF02ED4FECE4426EED78E5050F2C4BDC515283D6AFCB9A9AA709D56070BF708888BA93D79FD09AB678900B56FC8A8CD3B103F53CCB3B72E284BFC4CBE340F0 
DOMAIN  akojo.com 
PATH  / 
EXPIRES  20/08/2012 11:42:44 AM 

Open in new window

Alan
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 7
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now