This is how I am using the GetAuthCookie using the FormsAuthentication
object:
'after successful login
Dim hCookie As HttpCookie
FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text, True)
hCookie = FormsAuthentication.GetAuthCookie(txtUserName.Text , True)
hCookie.Name = "UserName"
hCookie.Value = txtUserName.Text
hCookie.Expires = DateTime.Now.AddMonths(2)
Response.Cookies.Add(hCookie)
The above creates a HttpCookie with the encrypted ticket information
along with the username. Now how do I add a key named, say, UID to this
cookie which will store the UserID of the logged-in user (which will be
retrieved from a SQL Server 2005 DB table) so that next time whenever
the user comes to this page, I can display a message saying that his
UserID is, say, 4 (or whatever it is corresponding to the logged-in
user)?
Also note that I have set the cookie to expire after 2 months. Suppose
a user logs in successfully after which he is shown a hello message
with his username. Next he closes the browser window in which he logged
himself & opens a new browser window. This page still displays him the
hello message with his username (i.e. the user isn't forced to login
again just because he has opened a new browser window).
Everything fine till this point but suppose the user comes to this page
the next day (or after a few days but within 2 months before his last
login), ASP.NET again asks the user to login though the cookie has been
set to expire after 2 months. Why so?
How do I ensure that the user is not forced to login for the next 2
months (or whatever expiry period has been set for the cookie to
expire) once he logs in?