«

I want my site to remember users when they come back without requiring
them to login again (assuming they checked "remember me" on the login
control).

I've tried increasing the timeouts to 3000000+ but it still requires
users to login if the session times out (roughly 30 minutes or so).

What am I missing? Thanks!

I do have web.configs to protect the "secure" directories:
<system.web>
<authorization>
<allow roles="Administrators" />
<deny roles="Users" />
<deny users="?" />
</authorization>
</system.web>

Here is the relevent site web.config section:

<authentication mode="Forms">
<forms loginUrl="main/Login.aspx" defaultUrl="main/Login.aspx"
cookieless="UseCookies" timeout="5000000" />
</authentication>
<membership defaultProvider="CrossroadsMembershipSqlProvider" >
<providers>
<add name="CrossroadsMembershipSqlProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="false"
applicationName="Crossroads" requiresUniqueEmail="true"
passwordFormat="Clear" minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"/>
</providers>
</membership>
<roleManager enabled="true" cacheRolesInCookie="true"
defaultProvider="CrossroadsRoleManagerSqlProvider"
cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="300000000"
cookieRequireSSL="false" cookieSlidingExpiration="true"
createPersistentCookie="true" cookieProtection="All" >
<providers>
<add name="CrossroadsRoleManagerSqlProvider"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" applicationName="Crossroads"/>
</providers>
</roleManager>

A discussion i did lately, a session has nearly nothing to do with
authentication.
Especially when used with persistant cookies.
It's likely you made a flaw by making the user depending on some dumb
session variable.
Whenit expires you could follow the global.asax events to track if indeed
the authentication is still valid..

In some cases the session is (imo mis-) used to hold a non-persistant user
(cookieless or similar).
So in that case authentication is depending on the session-id.


<> schreef in bericht
news: oups.com...
>I want my site to remember users when they come back without requiring
> them to login again (assuming they checked "remember me" on the login
> control).
>
> I've tried increasing the timeouts to 3000000+ but it still requires
> users to login if the session times out (roughly 30 minutes or so).
>
> What am I missing? Thanks!
>
> I do have web.configs to protect the "secure" directories:
> <system.web>
> <authorization>
> <allow roles="Administrators" />
> <deny roles="Users" />
> <deny users="?" />
> </authorization>
> </system.web>
>
> Here is the relevent site web.config section:
>
> <authentication mode="Forms">
> <forms loginUrl="main/Login.aspx" defaultUrl="main/Login.aspx"
> cookieless="UseCookies" timeout="5000000" />
> </authentication>
> <membership defaultProvider="CrossroadsMembershipSqlProvider" >
> <providers>
> <add name="CrossroadsMembershipSqlProvider"
> type="System.Web.Security.SqlMembershipProvider, System.Web,
> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
> connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
> enablePasswordReset="true" requiresQuestionAndAnswer="false"
> applicationName="Crossroads" requiresUniqueEmail="true"
> passwordFormat="Clear" minRequiredPasswordLength="5"
> minRequiredNonalphanumericCharacters="0"/>
> </providers>
> </membership>
> <roleManager enabled="true" cacheRolesInCookie="true"
> defaultProvider="CrossroadsRoleManagerSqlProvider"
> cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="300000000"
> cookieRequireSSL="false" cookieSlidingExpiration="true"
> createPersistentCookie="true" cookieProtection="All" >
> <providers>
> <add name="CrossroadsRoleManagerSqlProvider"
> type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0,
> Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
> connectionStringName="LocalSqlServer" applicationName="Crossroads"/>
> </providers>
> </roleManager>
>

HOW annoying, MULTIPOST with all the news group resolve errors i get!


<> schreef in bericht
news: oups.com...
>I want my site to remember users when they come back without requiring
> them to login again (assuming they checked "remember me" on the login
> control).
>
> I've tried increasing the timeouts to 3000000+ but it still requires
> users to login if the session times out (roughly 30 minutes or so).
>
> What am I missing? Thanks!
>
> I do have web.configs to protect the "secure" directories:
> <system.web>
> <authorization>
> <allow roles="Administrators" />
> <deny roles="Users" />
> <deny users="?" />
> </authorization>
> </system.web>
>
> Here is the relevent site web.config section:
>
> <authentication mode="Forms">
> <forms loginUrl="main/Login.aspx" defaultUrl="main/Login.aspx"
> cookieless="UseCookies" timeout="5000000" />
> </authentication>
> <membership defaultProvider="CrossroadsMembershipSqlProvider" >
> <providers>
> <add name="CrossroadsMembershipSqlProvider"
> type="System.Web.Security.SqlMembershipProvider, System.Web,
> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
> connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
> enablePasswordReset="true" requiresQuestionAndAnswer="false"
> applicationName="Crossroads" requiresUniqueEmail="true"
> passwordFormat="Clear" minRequiredPasswordLength="5"
> minRequiredNonalphanumericCharacters="0"/>
> </providers>
> </membership>
> <roleManager enabled="true" cacheRolesInCookie="true"
> defaultProvider="CrossroadsRoleManagerSqlProvider"
> cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="300000000"
> cookieRequireSSL="false" cookieSlidingExpiration="true"
> createPersistentCookie="true" cookieProtection="All" >
> <providers>
> <add name="CrossroadsRoleManagerSqlProvider"
> type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0,
> Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
> connectionStringName="LocalSqlServer" applicationName="Crossroads"/>
> </providers>
> </roleManager>
>

Thanks Edwin - great value add there.

I posted to the security thread and then in looking through the group
didn't see a lot of traffic so I thought I'd try my hand at the regular
aspnet group.

Is that OK or do I still get 20 lashes with a wet noodle?

>..or do I still get 20 lashes with a wet noodle?

Hmm, haven't thought about your punishment yet, but i expect i can have some
lashes myself so now and then





<> schreef in bericht
news: ps.com...
> Thanks Edwin - great value add there.
>
> I posted to the security thread and then in looking through the group
> didn't see a lot of traffic so I thought I'd try my hand at the regular
> aspnet group.
>
> Is that OK or do I still get 20 lashes with a wet noodle?
>