I want my site to remember users when they come back without requiring
them to login again (assuming they checked "remember me" on the login
control).
I've tried increasing the timeouts to 3000000+ but it still requires
users to login if the session times out (roughly 30 minutes or so).
What am I missing? Thanks!
I do have web.configs to protect the "secure" directories:
<system.web>
<authorization>
<allow roles="Administrators" />
<deny roles="Users" />
<deny users="?" />
</authorization>
</system.web>
Here is the relevent site web.config section:
<authentication mode="Forms">
<forms loginUrl="main/Login.aspx" defaultUrl="main/Login.aspx"
cookieless="UseCookies" timeout="5000000" />
</authentication>
<membership defaultProvider="CrossroadsMembershipSqlProvider" >
<providers>
<add name="CrossroadsMembershipSqlProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="false"
applicationName="Crossroads" requiresUniqueEmail="true"
passwordFormat="Clear" minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"/>
</providers>
</membership>
<roleManager enabled="true" cacheRolesInCookie="true"
defaultProvider="CrossroadsRoleManagerSqlProvider"
cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="300000000"
cookieRequireSSL="false" cookieSlidingExpiration="true"
createPersistentCookie="true" cookieProtection="All" >
<providers>
<add name="CrossroadsRoleManagerSqlProvider"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" applicationName="Crossroads"/>
</providers>
</roleManager> 5 1829
A discussion i did lately, a session has nearly nothing to do with
authentication.
Especially when used with persistant cookies.
It's likely you made a flaw by making the user depending on some dumb
session variable.
Whenit expires you could follow the global.asax events to track if indeed
the authentication is still valid..
In some cases the session is (imo mis-) used to hold a non-persistant user
(cookieless or similar).
So in that case authentication is depending on the session-id.
<jr*******@kellogg.northwestern.edu> schreef in bericht
news:11**********************@o13g2000cwo.googlegr oups.com... I want my site to remember users when they come back without requiring them to login again (assuming they checked "remember me" on the login control).
I've tried increasing the timeouts to 3000000+ but it still requires users to login if the session times out (roughly 30 minutes or so).
What am I missing? Thanks!
I do have web.configs to protect the "secure" directories: <system.web> <authorization> <allow roles="Administrators" /> <deny roles="Users" /> <deny users="?" /> </authorization> </system.web>
Here is the relevent site web.config section:
<authentication mode="Forms"> <forms loginUrl="main/Login.aspx" defaultUrl="main/Login.aspx" cookieless="UseCookies" timeout="5000000" /> </authentication> <membership defaultProvider="CrossroadsMembershipSqlProvider" > <providers> <add name="CrossroadsMembershipSqlProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="Crossroads" requiresUniqueEmail="true" passwordFormat="Clear" minRequiredPasswordLength="5" minRequiredNonalphanumericCharacters="0"/> </providers> </membership> <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="CrossroadsRoleManagerSqlProvider" cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="300000000" cookieRequireSSL="false" cookieSlidingExpiration="true" createPersistentCookie="true" cookieProtection="All" > <providers> <add name="CrossroadsRoleManagerSqlProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" applicationName="Crossroads"/> </providers> </roleManager>
HOW annoying, MULTIPOST with all the news group resolve errors i get!
<jr*******@kellogg.northwestern.edu> schreef in bericht
news:11**********************@o13g2000cwo.googlegr oups.com... I want my site to remember users when they come back without requiring them to login again (assuming they checked "remember me" on the login control).
I've tried increasing the timeouts to 3000000+ but it still requires users to login if the session times out (roughly 30 minutes or so).
What am I missing? Thanks!
I do have web.configs to protect the "secure" directories: <system.web> <authorization> <allow roles="Administrators" /> <deny roles="Users" /> <deny users="?" /> </authorization> </system.web>
Here is the relevent site web.config section:
<authentication mode="Forms"> <forms loginUrl="main/Login.aspx" defaultUrl="main/Login.aspx" cookieless="UseCookies" timeout="5000000" /> </authentication> <membership defaultProvider="CrossroadsMembershipSqlProvider" > <providers> <add name="CrossroadsMembershipSqlProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="Crossroads" requiresUniqueEmail="true" passwordFormat="Clear" minRequiredPasswordLength="5" minRequiredNonalphanumericCharacters="0"/> </providers> </membership> <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="CrossroadsRoleManagerSqlProvider" cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="300000000" cookieRequireSSL="false" cookieSlidingExpiration="true" createPersistentCookie="true" cookieProtection="All" > <providers> <add name="CrossroadsRoleManagerSqlProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" applicationName="Crossroads"/> </providers> </roleManager>
Thanks Edwin - great value add there.
I posted to the security thread and then in looking through the group
didn't see a lot of traffic so I thought I'd try my hand at the regular
aspnet group.
Is that OK or do I still get 20 lashes with a wet noodle?
>..or do I still get 20 lashes with a wet noodle?
Hmm, haven't thought about your punishment yet, but i expect i can have some
lashes myself so now and then :D
:)
<jr*******@kellogg.northwestern.edu> schreef in bericht
news:11********************@z14g2000cwz.googlegrou ps.com... Thanks Edwin - great value add there.
I posted to the security thread and then in looking through the group didn't see a lot of traffic so I thought I'd try my hand at the regular aspnet group.
Is that OK or do I still get 20 lashes with a wet noodle?
Oops again!
That makes 40 lashes !
<jr*******@kellogg.northwestern.edu> schreef in bericht
news:11********************@z14g2000cwz.googlegrou ps.com... Thanks Edwin - great value add there.
I posted to the security thread and then in looking through the group didn't see a lot of traffic so I thought I'd try my hand at the regular aspnet group.
Is that OK or do I still get 20 lashes with a wet noodle? This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: obhayes |
last post by:
Hi All,
Im using classic ASP (3.0) and I have a web farm with 2 webservers
(webserver A and webserver B, both windows server 2003). I do not want
to store any client specific information on the...
|
by: brad |
last post by:
Hi,
Im using classic ASP (3.0) and I have a web farm with 2 webservers
(webserver A and webserver B, both windows server 2003). I do not want
to store any client specific information on the...
|
by: Marco Rispoli |
last post by:
I am using this function to write a cookie:
private static void SaveCookie(string CookieName, string CookieValue, bool
Persistent)
{
HttpContext.Current.Response.Cookies.Value = CookieValue;...
|
by: Kepler |
last post by:
I'm testing very basic FormsAuthentication and having trouble with
non-persistent cookies. Once authenticated with a non-persistent
cookie, if I leave the browser alone for 30 minutes,...
|
by: craigkenisston |
last post by:
I have an asp.net application in which I sometimes store a persistent
cookie once the user has logged in and this has been working great.
However, I now add some user information like, username,...
|
by: robert |
last post by:
I have noticed in .net 2 that when authenticating a user, setting the
cookie using either redirectfromloginpage or setauthcookie, specifying
true for the persistent parameter that the cookie is...
|
by: sanchita |
last post by:
Hello everyone,
I didn't get any response in "Security" forum hence posting here again.
I am having problem with persistent cookies. Even after setting
"CreatePersistentCookie" to true in...
|
by: GaryDean |
last post by:
I'm using the 2.0 login control with the "remember me" setting. When
checked the cookie only last for a few hours then it is asking again for a
login. I don't see any time settings. I know back...
|
by: rh.krish |
last post by:
I have a typical ASP.NET 2.0 Forms authentication application which
authenticates against Active Directory. I use non-persistent cookie so
that the user is NOT remembered across browser sessions....
|
by: Jason James |
last post by:
Hi,
I am exploring the possibility of using the MSAccess provider for
membership, etc. All is working well, including being able to use it
for webparts, user authentication, etc. I can create...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |