Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > login control persistent cookie problem

Reply
Thread Tools

login control persistent cookie problem

 
 
GaryDean
Guest
Posts: n/a
 
      07-07-2007
I'm using the 2.0 login control with the "remember me" setting. When
checked the cookie only last for a few hours then it is asking again for a
login. I don't see any time settings. I know back when we did our own
authentication we specified
FormsAuthentication.RedirectFromLoginPage(tbEmail. Text, True) and the cookie
lasted forever.

--
Regards,
Gary Blakely


 
Reply With Quote
 
 
 
 
MasterGaurav \(www.edujini-labs.com\)
Guest
Posts: n/a
 
      07-09-2007
> I'm using the 2.0 login control with the "remember me" setting. When
> checked the cookie only last for a few hours then it is asking again for a
> login. I don't see any time settings. I know back when we did our own
> authentication we specified
> FormsAuthentication.RedirectFromLoginPage(tbEmail. Text, True) and the
> cookie lasted forever.


Well, it's similar way here.
However, even if it's 'RememberMe', it's not forever!

IIRC, it's a 3-step process in the Login control:

1. FormsAuthentication.SetAuthCookie(username, isRememberMeSelected)
In this, the timeout is set to DateTime.Now + TimeSpan.Parse(<forms
timeout="...">)
2. Raise the event LoggedIn
3. Response.Redirect(<redirect-from-login-page-url>)

In step1, the cookie is set with sliding-expiration (default) with the
timeout of 30 mins (default).


--
Happy Hacking,
Gaurav Vaish | www.mastergaurav.com
www.edujini-labs.com
http://eduzine.edujini-labs.com
-----------------------------------------


 
Reply With Quote
 
 
 
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      07-09-2007
Hi Gary,

From your description, you found that the "Login" control's "remember me"
setting doesn't work as expected(make the authentiation cookie
persisted),correct?

Based on my understanding, the Login Control's "RememberMe" property play
the same role as the second boolean parameter of the
FormsAuthentications.Authenticate(Or RedirectFromLoginPage) method. Here is
the diassembled code of the LoginControl from reflector:

========================
private void AttemptLogin()
{
if ((this.Page == null) || this.Page.IsValid)
{
LoginCancelEventArgs e = new LoginCancelEventArgs();
this.OnLoggingIn(e);
if (!e.Cancel)
{
AuthenticateEventArgs args2 = new AuthenticateEventArgs();
this.OnAuthenticate(args2);
if (args2.Authenticated)
{
FormsAuthentication.SetAuthCookie(this.UserNameInt ernal,
this.RememberMeSet);
this.OnLoggedIn(EventArgs.Empty);
this.Page.Response.Redirect(this.GetRedirectUrl(), false);
}
else
{
this.OnLoginError(EventArgs.Empty);
if (this.FailureAction ==
LoginFailureAction.RedirectToLoginPage)
{

FormsAuthentication.RedirectToLoginPage("loginfail ure=1");
}
ITextControl failureTextLabel = (ITextControl)
this.TemplateContainer.FailureTextLabel;
if (failureTextLabel != null)
{
failureTextLabel.Text = this.FailureText;
}
}
}
}
}
==========================

Also, for the authenticaiton ticket(cookie)'s timeout, as far as I know,
the only configuration option is in the web.config file's
<authentication>/<forms>/@timeout attribute. This controls the cookie's
timeout (when you use persistent cookie).

=============
<authentication mode="Windows">
<forms
...............
timeout="30"
.................>
........
</forms>
<passport redirectUrl="internal" />
</authentication>
==================

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.

 
Reply With Quote
 
GaryDean
Guest
Posts: n/a
 
      07-11-2007
maybe we are miscommunicating...

I have several asp.net 1.1 apps that simply say:
FormsAuthentication.RedirectFromLoginPage(tbEmail. Text,
cbRememberMe.Checked)
and the cookie lasts forever. There is no timout setting in the web.config.
Iv'e doing this for years.

Persistent cookies are commonplace everywhere. My (any probably your)
amazon.com cookies last forever.

Maybe something has changed with the LoginControl.

--
Regards,
Gary Blakely
Dean Blakely & Associates
www.deanblakely.com
"Steven Cheng[MSFT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Gary,
>
> From your description, you found that the "Login" control's "remember me"
> setting doesn't work as expected(make the authentiation cookie
> persisted),correct?
>
> Based on my understanding, the Login Control's "RememberMe" property play
> the same role as the second boolean parameter of the
> FormsAuthentications.Authenticate(Or RedirectFromLoginPage) method. Here
> is
> the diassembled code of the LoginControl from reflector:
>
> ========================
> private void AttemptLogin()
> {
> if ((this.Page == null) || this.Page.IsValid)
> {
> LoginCancelEventArgs e = new LoginCancelEventArgs();
> this.OnLoggingIn(e);
> if (!e.Cancel)
> {
> AuthenticateEventArgs args2 = new AuthenticateEventArgs();
> this.OnAuthenticate(args2);
> if (args2.Authenticated)
> {
> FormsAuthentication.SetAuthCookie(this.UserNameInt ernal,
> this.RememberMeSet);
> this.OnLoggedIn(EventArgs.Empty);
> this.Page.Response.Redirect(this.GetRedirectUrl(), false);
> }
> else
> {
> this.OnLoginError(EventArgs.Empty);
> if (this.FailureAction ==
> LoginFailureAction.RedirectToLoginPage)
> {
>
> FormsAuthentication.RedirectToLoginPage("loginfail ure=1");
> }
> ITextControl failureTextLabel = (ITextControl)
> this.TemplateContainer.FailureTextLabel;
> if (failureTextLabel != null)
> {
> failureTextLabel.Text = this.FailureText;
> }
> }
> }
> }
> }
> ==========================
>
> Also, for the authenticaiton ticket(cookie)'s timeout, as far as I know,
> the only configuration option is in the web.config file's
> <authentication>/<forms>/@timeout attribute. This controls the cookie's
> timeout (when you use persistent cookie).
>
> =============
> <authentication mode="Windows">
> <forms
> ...............
> timeout="30"
> .................>
> ........
> </forms>
> <passport redirectUrl="internal" />
> </authentication>
> ==================
>
> Sincerely,
>
> Steven Cheng
>
> Microsoft MSDN Online Support Lead
>
>
>
> ==================================================
>
> Get notification to my posts through email? Please refer to
> http://msdn.microsoft.com/subscripti...ult.aspx#notif
> ications.
>
>
>
> Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
> where an initial response from the community or a Microsoft Support
> Engineer within 1 business day is acceptable. Please note that each follow
> up response may take approximately 2 business days as the support
> professional working with you may need further investigation to reach the
> most efficient resolution. The offering is not appropriate for situations
> that require urgent, real-time or phone-based interactions or complex
> project analysis and dump analysis issues. Issues of this nature are best
> handled working with a dedicated Microsoft Support Engineer by contacting
> Microsoft Customer Support Services (CSS) at
> http://msdn.microsoft.com/subscripti...t/default.aspx.
>
> ==================================================
>
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>



 
Reply With Quote
 
Steven Cheng[MSFT]
Guest
Posts: n/a
 
      07-13-2007
Thanks for your reply Gary,

Sorry that I haven't expected that you're using ASP.NET 1.1. Yes, the forms
authentication's ticket timeout does vary from 1.1 to 2.0. Actually the
change is mainly focus on persistent authentication cookie. In ASP.NET
1.x, the "timeout" setting in <forms> tag only affect non-persistent
authentication ticket, and in ASP.NET 2.0, this timeout setting affect both
persistent and non-persistent cookie. Here is a blog article (by scottgu)
which also explain this:

#Forms Authentication timeout default in ASP.NET 2.0
http://weblogs.asp.net/scottgu/archi...08/430011.aspx

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.




 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Persistent field and Persistent properties - difference gk Java 7 10-12-2010 09:43 PM
Persistent Cookie Problem sanchita ASP .Net Security 0 03-23-2007 09:57 PM
Techniques to auto-login using a persistent cookie. craigkenisston@hotmail.com ASP .Net 4 10-24-2005 02:21 AM
IsAuthenticated times out with non-persistent cookie - Why/How? Kepler ASP .Net 0 10-27-2004 04:27 PM
Non-persistent cookie Marco Rispoli ASP .Net 1 05-08-2004 01:45 AM



Advertisments