I realize that this question may have been asked before, but I can't find anything that matches my situation exactly.
I created a website using the WebMail helper in ASP.Net web pages (not web forms) and WebMatrix. Users are required to login to the website, and there is a "Remember me" box that (in theory) will keep the user logged in until he/she chooses to log out. The website does keep users logged in if they close the browser and reopen it within 20-30 minutes. However, after 20-30 minutes of not accessing the website, the user is logged out. (As an aside, this problem seems to exist even with the WebMatrix template "Starter Site".)
I've tried multiple solutions, many of which were posted on Stack Overflow, but nothing seems to work.
EDIT 2
The cookie used by Forms Authentication is called ".ASPXAUTH" and by default set to expire after 30 minutes.
Go to your web.config
and find the authentication
element. You can set the cookie expiration time (in minutes) there, like such:
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login"
name="myCookie" <!-- optional, if you want to rename it -->
timeout="2880" /> <!-- expires in 48 hours -->
</authentication>
</system.web>
OR
If the config fails you, try this article: Link
You'll need to clear any existing auth tickets and create your custom one. It boils down to this piece of code you need to execute if the user selected the remember me
option:
if (rememberMe)
{
// Clear any other tickets that are already in the response
Response.Cookies.Clear();
// Set the new expiry date - to thirty days from now
DateTime expiryDate = DateTime.Now.AddDays(30);
// Create a new forms auth ticket
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2, loginModel.UserName, DateTime.Now, expiryDate, true, String.Empty);
// Encrypt the ticket
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
// Create a new authentication cookie - and set its expiration date
HttpCookie authenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
authenticationCookie.Expires = ticket.Expiration;
// Add the cookie to the response.
Response.Cookies.Add(authenticationCookie);
}
You can manually create a cookie(never expiring) containing a GUID which is mapped to your user. When user makes a GET to your user login page, you can read that cookie and check the guid and authenticate the user. check the links
http://msdn.microsoft.com/en-us/library/ms178194(v=vs.100).aspx
http://msdn.microsoft.com/en-us/library/78c837bd(v=vs.100).aspx
http://www.codeproject.com/Articles/31914/Beginner-s-Guide-To-ASP-NET-Cookies