Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Persistent Cookie not working

Reply
Thread Tools

Persistent Cookie not working

 
 
jrhea2006@kellogg.northwestern.edu
Guest
Posts: n/a
 
      02-18-2006
I want my site to remember users when they come back without requiring
them to login again (assuming they checked "remember me" on the login
control).

I've tried increasing the timeouts to 3000000+ but it still requires
users to login if the session times out (roughly 30 minutes or so).

What am I missing? Thanks!

I do have web.configs to protect the "secure" directories:
<system.web>
<authorization>
<allow roles="Administrators" />
<deny roles="Users" />
<deny users="?" />
</authorization>
</system.web>

Here is the relevent site web.config section:

<authentication mode="Forms">
<forms loginUrl="main/Login.aspx" defaultUrl="main/Login.aspx"
cookieless="UseCookies" timeout="5000000" />
</authentication>
<membership defaultProvider="CrossroadsMembershipSqlProvider" >
<providers>
<add name="CrossroadsMembershipSqlProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="false"
applicationName="Crossroads" requiresUniqueEmail="true"
passwordFormat="Clear" minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"/>
</providers>
</membership>
<roleManager enabled="true" cacheRolesInCookie="true"
defaultProvider="CrossroadsRoleManagerSqlProvider"
cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="300000000"
cookieRequireSSL="false" cookieSlidingExpiration="true"
createPersistentCookie="true" cookieProtection="All" >
<providers>
<add name="CrossroadsRoleManagerSqlProvider"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqlServer" applicationName="Crossroads"/>
</providers>
</roleManager>

 
Reply With Quote
 
 
 
 
Edwin Knoppert
Guest
Posts: n/a
 
      02-18-2006
A discussion i did lately, a session has nearly nothing to do with
authentication.
Especially when used with persistant cookies.
It's likely you made a flaw by making the user depending on some dumb
session variable.
Whenit expires you could follow the global.asax events to track if indeed
the authentication is still valid..

In some cases the session is (imo mis-) used to hold a non-persistant user
(cookieless or similar).
So in that case authentication is depending on the session-id.


<(E-Mail Removed)> schreef in bericht
news:(E-Mail Removed) oups.com...
>I want my site to remember users when they come back without requiring
> them to login again (assuming they checked "remember me" on the login
> control).
>
> I've tried increasing the timeouts to 3000000+ but it still requires
> users to login if the session times out (roughly 30 minutes or so).
>
> What am I missing? Thanks!
>
> I do have web.configs to protect the "secure" directories:
> <system.web>
> <authorization>
> <allow roles="Administrators" />
> <deny roles="Users" />
> <deny users="?" />
> </authorization>
> </system.web>
>
> Here is the relevent site web.config section:
>
> <authentication mode="Forms">
> <forms loginUrl="main/Login.aspx" defaultUrl="main/Login.aspx"
> cookieless="UseCookies" timeout="5000000" />
> </authentication>
> <membership defaultProvider="CrossroadsMembershipSqlProvider" >
> <providers>
> <add name="CrossroadsMembershipSqlProvider"
> type="System.Web.Security.SqlMembershipProvider, System.Web,
> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
> connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
> enablePasswordReset="true" requiresQuestionAndAnswer="false"
> applicationName="Crossroads" requiresUniqueEmail="true"
> passwordFormat="Clear" minRequiredPasswordLength="5"
> minRequiredNonalphanumericCharacters="0"/>
> </providers>
> </membership>
> <roleManager enabled="true" cacheRolesInCookie="true"
> defaultProvider="CrossroadsRoleManagerSqlProvider"
> cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="300000000"
> cookieRequireSSL="false" cookieSlidingExpiration="true"
> createPersistentCookie="true" cookieProtection="All" >
> <providers>
> <add name="CrossroadsRoleManagerSqlProvider"
> type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0,
> Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
> connectionStringName="LocalSqlServer" applicationName="Crossroads"/>
> </providers>
> </roleManager>
>



 
Reply With Quote
 
 
 
 
Edwin Knoppert
Guest
Posts: n/a
 
      02-18-2006
HOW annoying, MULTIPOST with all the news group resolve errors i get!


<(E-Mail Removed)> schreef in bericht
news:(E-Mail Removed) oups.com...
>I want my site to remember users when they come back without requiring
> them to login again (assuming they checked "remember me" on the login
> control).
>
> I've tried increasing the timeouts to 3000000+ but it still requires
> users to login if the session times out (roughly 30 minutes or so).
>
> What am I missing? Thanks!
>
> I do have web.configs to protect the "secure" directories:
> <system.web>
> <authorization>
> <allow roles="Administrators" />
> <deny roles="Users" />
> <deny users="?" />
> </authorization>
> </system.web>
>
> Here is the relevent site web.config section:
>
> <authentication mode="Forms">
> <forms loginUrl="main/Login.aspx" defaultUrl="main/Login.aspx"
> cookieless="UseCookies" timeout="5000000" />
> </authentication>
> <membership defaultProvider="CrossroadsMembershipSqlProvider" >
> <providers>
> <add name="CrossroadsMembershipSqlProvider"
> type="System.Web.Security.SqlMembershipProvider, System.Web,
> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
> connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
> enablePasswordReset="true" requiresQuestionAndAnswer="false"
> applicationName="Crossroads" requiresUniqueEmail="true"
> passwordFormat="Clear" minRequiredPasswordLength="5"
> minRequiredNonalphanumericCharacters="0"/>
> </providers>
> </membership>
> <roleManager enabled="true" cacheRolesInCookie="true"
> defaultProvider="CrossroadsRoleManagerSqlProvider"
> cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="300000000"
> cookieRequireSSL="false" cookieSlidingExpiration="true"
> createPersistentCookie="true" cookieProtection="All" >
> <providers>
> <add name="CrossroadsRoleManagerSqlProvider"
> type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0,
> Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
> connectionStringName="LocalSqlServer" applicationName="Crossroads"/>
> </providers>
> </roleManager>
>



 
Reply With Quote
 
jrhea2006@kellogg.northwestern.edu
Guest
Posts: n/a
 
      02-18-2006
Thanks Edwin - great value add there.

I posted to the security thread and then in looking through the group
didn't see a lot of traffic so I thought I'd try my hand at the regular
aspnet group.

Is that OK or do I still get 20 lashes with a wet noodle?

 
Reply With Quote
 
Edwin Knoppert
Guest
Posts: n/a
 
      02-18-2006
>..or do I still get 20 lashes with a wet noodle?

Hmm, haven't thought about your punishment yet, but i expect i can have some
lashes myself so now and then





<(E-Mail Removed)> schreef in bericht
news:(E-Mail Removed) ps.com...
> Thanks Edwin - great value add there.
>
> I posted to the security thread and then in looking through the group
> didn't see a lot of traffic so I thought I'd try my hand at the regular
> aspnet group.
>
> Is that OK or do I still get 20 lashes with a wet noodle?
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Persistent field and Persistent properties - difference gk Java 7 10-12-2010 09:43 PM
Forms Authentication non-persistent cookie not expiring after closingthe browser rh.krish@gmail.com ASP .Net 3 04-10-2008 07:41 AM
Forms Authentication non-persistent cookie not expiring after closing the browser rh.krish ASP .Net 0 04-09-2008 05:23 AM
Persistent Cookie not working jrhea2006@kellogg.northwestern.edu ASP .Net 5 02-18-2006 05:29 PM
Non-persistent cookie Marco Rispoli ASP .Net 1 05-08-2004 01:45 AM



Advertisments