I'm implementing "Remember Me" feature, I want the user to not have to enter login/password again.
It's seems to work in local, but in a shared hosting, It last for about 15 minutes then logout. Here is the code:
controller:
FormsAuthentication.SetAuthCookie("username", true);
Web.config:
<authentication mode="Forms" >
<forms loginUrl="~/Account/LogOn" timeout="262974" cookieless="UseCookies" />
</authentication>
<sessionState mode="InProc" timeout="262974" cookieless="UseCookies" />
EDIT
I've added the sessionState, but still the same problem, working on local and not on the server?
what am I missing?
Look into the sessionstate element in your web.config. For example:
<sessionState mode="InProc" timeout="60" />
Check out the following SO question for differences between the sessionstate element and the forms element in your web.config:
Differences in forms auth timeout and session timeout
The accepted answer by #womp states the following:
A session starts every time a new user hits the website, regardless of
whether or not they are anonymous. Authentication has very little to
do with Session.
Authentication timeout is the amount of time that the authentication
cookie is good for on the user's browser. Once the cookie expires,
they must re-authenticate to access protected resources on the site.
So, if Session times out before the Authentication cookie - they are
still authenticated, but all their session variables disappear, and
may cause errors in your website if you are not disciplined in
checking for nulls and other conditions brought about by missing
session.
If Authentication times out before the session, then all their session
variables will still exist, but they won't be able to access protected
resources until they log back in again.
I finally found the solution, I had to use StateServer instead of InProc and also a machine key, Here is the full solution:
Controller:
FormsAuthentication.SetAuthCookie("username", true);
Web.config:
<authentication mode="Forms" >
<forms loginUrl="~/Account/LogOn" timeout="262974" cookieless="UseCookies" />
</authentication>
<sessionState mode="StateServer" timeout="262974" cookieless="UseCookies" />
<machineKey validationKey="5BAE63F50C69C1BBB7BFC2E696674389C307E28E9DEB60FB273B85CAD8FC3C2261FB13DF92B90A99C6EB684FDB1F6E3E92E1A42083EB77B5918126DD52245FB5" decryptionKey="11F6FE0C790413FFF3E230387168016B212216DEF727C4157CDDD0558BEAE5B7" validation="SHA1" decryption="AES" />
I have a shared hosting with Arvixe and it's in their Support where I found the solution: support.arvixe.com
Go to : ASP.NET Settings and scroll to Session settings change "value" none to "Forms" It will be done!
Related
I have created one web application and when i run application in normal browser windows it works perfectly. But when i open same application in iFrame tag my cookies get vanished automatically.
When I Inspect browser window i can see the cookies and session but it won't work.
enter image description here
This is probably because you have not set the domain on the web.config
Some times you call the iframe with out the www. on your domain, and this is set a different cookie than when you have the www.
so on web.config set the domain where its needed, eg:
<authentication mode="Forms">
<forms domain="local.com" />
</authentication>
<httpCookies domain="local.com" />
I have added below config in web.config file
<sessionState mode="InProc" timeout="500" cookieSameSite="None"/>
<httpCookies httpOnlyCookies="true" requireSSL="true" domain="local.com"/>
<authentication mode="Forms">
<forms loginUrl="~/Auth" timeout="500" slidingExpiration="true" domain="local.com"/>
</authentication>
But still cookies not set. Could you please assist?
someone made a site in .net which am taking over.
when someone is logged in, it logs you out automatically after a short while.
in the web.config theres this code which am assuming controls the time:
<httpRuntime
executionTimeout="12000"
maxRequestLength="307200"
useFullyQualifiedRedirectUrl="false"
minFreeThreads="8"
minLocalRequestFreeThreads="4"
appRequestQueueLimit="100"
enableVersionHeader="true"
requestValidationMode="2.0"
/>
now what does the "12000" number mean
can i change the length of time in this code
and whats the diffrence between executionTimeout and maxRequestLength
thanks
If you're using Authentication Forms, look for system.web - authentication in web.config. There, you have a Timeout parameter.
<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="60"/>
</authentication>
I don't think that is the property you are looking for what is more likely is that the session is timing out
Session timeout in ASP.NET
Should help you
I'm using .NET 4.5, and my site is logging users out after 10 minutes of inactivity, even though I have login time set to 45 minutes.
It's very frustrating for the users.
In web.config, for sessionState this is what i have:
<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout="45">
and for authentication :
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" defaultUrl="~/" protection="All"/>
</authentication>
it's hosted on GoDaddy whose support is useless, but it means I can't control the app pool recycling but I don't think that's the issue.
I just can't get to the bottom of it.
Can anyone help?
I am using forms authentication in asp.net4. But the authorization is behaving very unusually.
Following is my web.config snippet-
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="2880" protection="All" path="/" />
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
When i try to open any web page i am redirected to Login page as expected. If close my browser i should be logged out, but thats not happening although i am setting persistentCookie=false as follow
FormsAuthentication.RedirectFromLoginPage(username, false);
Now after closing browser if a login again i am considered authenticated user, but if i clear cookie cache in my browser than i wont be considered authenticated user.
I am not setting cookie anywhere and i dont want persistent cookie, than why is this happening.
Please tell me if i am missing something.
Anobody know something related to this
I just found that this problem is only with Chrome 21.0, and not with Firefox 7.0 or Opera 11.4 (problem of authenticating even though session ends).
When you use authentication mode="Forms" your auth credentials stored in cookies by default. If you want to change this behaviour you can use cookieless="UseUri" attribute, than your credential will be stored in the URL. You can find more inforamtion forms Element for authentication.
timeout attribute specify how long cookies will be stored (in minutes) by default it is 30.
I have read some issues related to session time out and i have changed the settings but no avail.
This is entry of session in web.config. i want to expire the session after 5 hours.
<sessionState mode="InProc" timeout="300" />
On Login page i am adding user name in session
Session.Add("Authenticated", UserName);
and my each page is inherited with BasePage and in base class i have this check for each page.
if (Session["Authenticated"] == null)
{
Response.Redirect("../userlogin.aspx");
}
but session expires before one hour.
I want to confirm that during this there is no change in web.config, Bin folder files etc.
Take a look at this ASP.NET Session Timeouts.
Besides IIS Idle timeout there is Forms authentication timeout, which is 30 min by default. So you will be redirected to the login page before the session actually expired.
<system.web>
<authentication mode="Forms">
<forms timeout="300"/>
</authentication>
<sessionState timeout="300" />
</system.web>
If you are hosting it on IIS6 (Win2K3) then go to the settings in the Application Pool in which your application runs. You need to set it there as well.