Something strange is happening on my web site since my hosting provider
upgraded to Server 2003 a few weeks ago.
I use forms authentication in my asp.net application, with essentially
the following c# code-behind on my login page:
If (FormsAuthentication.Authenticate(UserName.Text, UserPass.Text))
FormsAuthentication.RedirectFromLoginPage(UserName .Text, true);
Note that the createPersistentCookie parameter is set to true.
In addition, my web.config has the following authentication section:
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="LOGINCOOKIE" path="/"
protection="All" requireSSL="true" timeout="43200"/>
</authentication>
(The timeout above is in minutes -- 43200 minutes works out to 30 days
by my calculations.)
Prior to the Server 2003 upgrade, I could log in to my web site once
and the cookie would last for somewhere around 30 to 45 days.
But ever since the upgrade to Server 2003, I get prompted to log in
very erratically -- sometimes once a day, sometimes several times a day
and sometimes once every few days. I've verified that the LOGINCOOKIE
is being passed in the request, so it's not being deleted from my
browser.
Any ideas what's going on here? Seems to me that there's a problem with
the persistent nature of the cookie, or (more likely) some special
setting in IIS isn't configured properly under Server 2003. I see that
there's a slidingExpiration parameter that can be added to the <forms>
tag but I don't want to use that - I want the app to make me log in
once every 30 days or so.
Thanks for any pointers you can offer!
-Marty
gg**@pobox.com
