This is my function that is called when a login is successful. (I am very new to this FormsAuthentication thing)
    public static void CreateLoginCookie(User u)
    {
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(u.Id.ToString(), true, 9*60);
        string encryptedTicket = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket) { Expires = DateTime.Now.AddHours(9) };
        HttpContext.Current.Response.Cookies.Add(cookie);
    }
In the web.config I have
    <authentication mode="Forms">
      <forms loginUrl="~/Default/Login" timeout="540" />
    </authentication>
I want the user to stay logged in for 9 hours, but it doesn't work. They get logged out after an hour or two.
Could someone tell me what I am missing?
It may happen because of Application Pool recycling.
The authentication cookie is encrypted with machine keys.
It seems that by default these machine keys are generated at each application pool restart.
When your application is idle for some time (configured in application pool settings), your application pool is recycled.
So you need to generate static machine keys.
This question is related to yours:
Can a FormsAuthenticationTicket survive an app pool recycle?
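A static key pair for web.config, as the answer above recommends, can be generated with a small console program. This is an added example, not code from the original posts; the class and method names are hypothetical, the key sizes are this example's choice, and `validation="HMACSHA256"` assumes .NET Framework 4.0 or later.

```csharp
// Added example: prints a static <machineKey> element so that Forms
// Authentication tickets stay decryptable after an application pool recycle.
using System;
using System.Security.Cryptography;
using System.Text;

public static class MachineKeyGenerator   // hypothetical name
{
    // Returns byteCount cryptographically random bytes as upper-case hex.
    public static string RandomHex(int byteCount)
    {
        var bytes = new byte[byteCount];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }

        var sb = new StringBuilder(byteCount * 2);
        foreach (byte b in bytes)
        {
            sb.Append(b.ToString("X2"));
        }
        return sb.ToString();
    }

    // Builds the element with a 64-byte validation key (HMACSHA256)
    // and a 32-byte decryption key (AES).
    public static string BuildMachineKeyElement()
    {
        return string.Format(
            "<machineKey validation=\"HMACSHA256\" validationKey=\"{0}\"\n" +
            "            decryption=\"AES\" decryptionKey=\"{1}\" />",
            RandomHex(64), RandomHex(32));
    }

    public static void Main()
    {
        // Paste the printed element inside <system.web> in web.config.
        Console.WriteLine(BuildMachineKeyElement());
    }
}
```

Anyone who holds these keys can forge a valid authentication ticket, so keep the generated values out of source control and restrict read access to web.config. In a web farm, every server must use the same pair.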
Have you looked at modifying the timeout in the web.config file?
    <forms
       name="name"
       loginUrl="URL"
       defaultUrl="URL"
       protection="[All|None|Encryption|Validation]"
       timeout="[MM]"
       path="path"
       requireSSL="[true|false]"
       slidingExpiration="[true|false]"
       enableCrossAppRedirects="[true|false]"
       cookieless="[UseUri|UseCookies|AutoDetect|UseDeviceProfile]"
       domain="domain name"
       ticketCompatibilityMode="[Framework20|Framework40]">
       <credentials>...</credentials>
    </forms>
I've used this snippet and it works for me, take a look at this:
    FormsAuthenticationTicket Ticket = new FormsAuthenticationTicket(
        1,                                     // Ticket version
        username,                              // Username associated with ticket
        DateTime.Now,                          // Date/time issued
        DateTime.Now.AddDays(1),               // Date/time to expire
        isPersistent,                          // "true" for a persistent user cookie
        dataStore,                             // User-data, in this case the roles
        FormsAuthentication.FormsCookiePath);  // Path cookie valid for

    // Encrypt the cookie using the machine key for secure transport
    string Hash = FormsAuthentication.Encrypt(Ticket);
    HttpCookie Cookie = new HttpCookie(FormsAuthentication.FormsCookieName, Hash);

    // Set the cookie's expiration time to the ticket's expiration time
    if (Ticket.IsPersistent)
        Cookie.Expires = Ticket.Expiration;

    // Send the cookie to the client
    HttpContext.Current.Response.Cookies.Add(Cookie);