473,385 Members | 1,856 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > persistent cookie not working

Join Bytes to post your question to a community of 473,385 software developers and data experts.

Persistent Cookie not working

I want my site to remember users when they come back without requiring
them to login again (assuming they checked "remember me" on the login
control).

I've tried increasing the timeouts to 3000000+ but it still requires
users to login if the session times out (roughly 30 minutes or so).

What am I missing? Thanks!

I do have web.configs to protect the "secure" directories:
<system.web>
<authorization>
<allow roles="Administrators" />
<deny roles="Users" />
<deny users="?" />
</authorization>
</system.web>

Here is the relevent site web.config section:

<authentication mode="Forms">
<forms loginUrl="main/Login.aspx" defaultUrl="main/Login.aspx"
cookieless="UseCookies" timeout="5000000" />
</authentication>
<membership defaultProvider="CrossroadsMembershipSqlProvider" >
<providers>
<add name="CrossroadsMembershipSqlProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="false"
applicationName="Crossroads" requiresUniqueEmail="true"
passwordFormat="Clear" minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"/>
</providers>
</membership>
<roleManager enabled="true" cacheRolesInCookie="true"
defaultProvider="CrossroadsRoleManagerSqlProvider"
cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="300000000"
cookieRequireSSL="false" cookieSlidingExpiration="true"
createPersistentCookie="true" cookieProtection="All" >
<providers>
<add name="CrossroadsRoleManagerSqlProvider"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" applicationName="Crossroads"/>
</providers>
</roleManager>

Feb 18 '06 #1
5 1829
A discussion i did lately, a session has nearly nothing to do with
authentication.
Especially when used with persistant cookies.
It's likely you made a flaw by making the user depending on some dumb
session variable.
Whenit expires you could follow the global.asax events to track if indeed
the authentication is still valid..

In some cases the session is (imo mis-) used to hold a non-persistant user
(cookieless or similar).
So in that case authentication is depending on the session-id.
<jr*******@kellogg.northwestern.edu> schreef in bericht
news:11**********************@o13g2000cwo.googlegr oups.com...
I want my site to remember users when they come back without requiring
them to login again (assuming they checked "remember me" on the login
control).

I've tried increasing the timeouts to 3000000+ but it still requires
users to login if the session times out (roughly 30 minutes or so).

What am I missing? Thanks!

I do have web.configs to protect the "secure" directories:
<system.web>
<authorization>
<allow roles="Administrators" />
<deny roles="Users" />
<deny users="?" />
</authorization>
</system.web>

Here is the relevent site web.config section:

<authentication mode="Forms">
<forms loginUrl="main/Login.aspx" defaultUrl="main/Login.aspx"
cookieless="UseCookies" timeout="5000000" />
</authentication>
<membership defaultProvider="CrossroadsMembershipSqlProvider" >
<providers>
<add name="CrossroadsMembershipSqlProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="false"
applicationName="Crossroads" requiresUniqueEmail="true"
passwordFormat="Clear" minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"/>
</providers>
</membership>
<roleManager enabled="true" cacheRolesInCookie="true"
defaultProvider="CrossroadsRoleManagerSqlProvider"
cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="300000000"
cookieRequireSSL="false" cookieSlidingExpiration="true"
createPersistentCookie="true" cookieProtection="All" >
<providers>
<add name="CrossroadsRoleManagerSqlProvider"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" applicationName="Crossroads"/>
</providers>
</roleManager>

Feb 18 '06 #2
HOW annoying, MULTIPOST with all the news group resolve errors i get!
<jr*******@kellogg.northwestern.edu> schreef in bericht
news:11**********************@o13g2000cwo.googlegr oups.com...
I want my site to remember users when they come back without requiring
them to login again (assuming they checked "remember me" on the login
control).

I've tried increasing the timeouts to 3000000+ but it still requires
users to login if the session times out (roughly 30 minutes or so).

What am I missing? Thanks!

I do have web.configs to protect the "secure" directories:
<system.web>
<authorization>
<allow roles="Administrators" />
<deny roles="Users" />
<deny users="?" />
</authorization>
</system.web>

Here is the relevent site web.config section:

<authentication mode="Forms">
<forms loginUrl="main/Login.aspx" defaultUrl="main/Login.aspx"
cookieless="UseCookies" timeout="5000000" />
</authentication>
<membership defaultProvider="CrossroadsMembershipSqlProvider" >
<providers>
<add name="CrossroadsMembershipSqlProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="false"
applicationName="Crossroads" requiresUniqueEmail="true"
passwordFormat="Clear" minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"/>
</providers>
</membership>
<roleManager enabled="true" cacheRolesInCookie="true"
defaultProvider="CrossroadsRoleManagerSqlProvider"
cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="300000000"
cookieRequireSSL="false" cookieSlidingExpiration="true"
createPersistentCookie="true" cookieProtection="All" >
<providers>
<add name="CrossroadsRoleManagerSqlProvider"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" applicationName="Crossroads"/>
</providers>
</roleManager>

Feb 18 '06 #3
Thanks Edwin - great value add there.

I posted to the security thread and then in looking through the group
didn't see a lot of traffic so I thought I'd try my hand at the regular
aspnet group.

Is that OK or do I still get 20 lashes with a wet noodle?

Feb 18 '06 #4
>..or do I still get 20 lashes with a wet noodle?

Hmm, haven't thought about your punishment yet, but i expect i can have some
lashes myself so now and then :D

:)

<jr*******@kellogg.northwestern.edu> schreef in bericht
news:11********************@z14g2000cwz.googlegrou ps.com...
Thanks Edwin - great value add there.

I posted to the security thread and then in looking through the group
didn't see a lot of traffic so I thought I'd try my hand at the regular
aspnet group.

Is that OK or do I still get 20 lashes with a wet noodle?

Feb 18 '06 #5
Oops again!
That makes 40 lashes !

<jr*******@kellogg.northwestern.edu> schreef in bericht
news:11********************@z14g2000cwz.googlegrou ps.com...
Thanks Edwin - great value add there.

I posted to the security thread and then in looking through the group
didn't see a lot of traffic so I thought I'd try my hand at the regular
aspnet group.

Is that OK or do I still get 20 lashes with a wet noodle?

Feb 18 '06 #6
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
Non persistent cookie in a web farm using classic asp (3.0)
by: obhayes | last post by:
Hi All, Im using classic ASP (3.0) and I have a web farm with 2 webservers (webserver A and webserver B, both windows server 2003). I do not want to store any client specific information on the...
ASP / Active Server Pages
1
Non persistent cookie in a web farm.
by: brad | last post by:
Hi, Im using classic ASP (3.0) and I have a web farm with 2 webservers (webserver A and webserver B, both windows server 2003). I do not want to store any client specific information on the...
ASP / Active Server Pages
1
Non-persistent cookie
by: Marco Rispoli | last post by:
I am using this function to write a cookie: private static void SaveCookie(string CookieName, string CookieValue, bool Persistent) { HttpContext.Current.Response.Cookies.Value = CookieValue;...
ASP.NET
0
IsAuthenticated times out with non-persistent cookie - Why/How?
by: Kepler | last post by:
I'm testing very basic FormsAuthentication and having trouble with non-persistent cookies. Once authenticated with a non-persistent cookie, if I leave the browser alone for 30 minutes,...
ASP.NET
4
Techniques to auto-login using a persistent cookie.
by: craigkenisston | last post by:
I have an asp.net application in which I sometimes store a persistent cookie once the user has logged in and this has been working great. However, I now add some user information like, username,...
ASP.NET
0
Bug with forms authentication persistent cookie expiry 30 minutes
by: robert | last post by:
I have noticed in .net 2 that when authenticating a user, setting the cookie using either redirectfromloginpage or setauthcookie, specifying true for the persistent parameter that the cookie is...
ASP.NET
3
Persistent Cookies
by: sanchita | last post by:
Hello everyone, I didn't get any response in "Security" forum hence posting here again. I am having problem with persistent cookies. Even after setting "CreatePersistentCookie" to true in...
ASP.NET
4
login control persistent cookie problem
by: GaryDean | last post by:
I'm using the 2.0 login control with the "remember me" setting. When checked the cookie only last for a few hours then it is asking again for a login. I don't see any time settings. I know back...
ASP.NET
3
Forms Authentication non-persistent cookie not expiring after closingthe browser
by: rh.krish | last post by:
I have a typical ASP.NET 2.0 Forms authentication application which authenticates against Active Directory. I use non-persistent cookie so that the user is NOT remembered across browser sessions....
ASP.NET
1
AccessMembershipProvider and persistent tickets
by: Jason James | last post by:
Hi, I am exploring the possibility of using the MSAccess provider for membership, etc. All is working well, including being able to use it for webparts, user authentication, etc. I can create...
ASP.NET
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!