{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 We Are One 的问题《Keeping user logged in - FormsAuthentication》','https://www.manongdao.com/q-394248.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am having the hardest time figuring this out. I am using FormAuthentication. When a user logs in and they check remember me, I want to the user to stay logged in for 24 hours. The problem is, no matter what I do the user is automatically logged out after like 30 minutes. We the user selected remember me, I set a persistent cookie to expire 24 hours later. I can see the cookie in the browser options and the expiration is correct. If I leave the site and go back in say an hour. The user is logged out...... He is some code snippets of what I have.
bool IsValid = Membership.ValidateUser(LoginControl.UserName, LoginControl.Password);
if (IsValid)
{
e.Authenticated = true;
if (LoginControl.RememberMeSet)
{
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(LoginControl.UserName, true, 1440); // 1 day
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
cookie.Expires = authTicket.Expiration;
HttpContext.Current.Response.Cookies.Set(cookie);
Response.Redirect(FormsAuthentication.GetRedirectUrl(LoginControl.UserName, true), true);
FormsAuthentication.SetAuthCookie(LoginControl.UserName, true);
FormsAuthentication.RedirectFromLoginPage(LoginControl.UserName, true);
}
else
{
FormsAuthentication.SetAuthCookie(LoginControl.UserName, false);
FormsAuthentication.RedirectFromLoginPage(LoginControl.UserName, false);
}
}
Here is my web.config
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" defaultUrl="/" timeout="1" cookieless="UseCookies" protection="All" slidingExpiration="true" ticketCompatibilityMode="Framework40"/>
</authentication>
When a user does not check remember me, I set a non-persistent cookie and after 1 minute of inactivity the user logs out. This is working correctly. The problem is when a remember cookie is set and the user returns the user is not logged in anymore even though a cookie is there.
Set the following session state time out in web.config. By default, session timeout is 20 minutes.
Solution
Set authentication cookie using default ticket setting if user checks remember me. Otherwise, create AuthenticationTicket by yourself.
Testing
To be honest with you, Session and Authentication Cookie time out 1 minute is too low, but it is up to you.
In addition, please a note in web.config that you create AuthenticationTicket yourself. Next person who debug your code will definitely appreciate it.
Problem (Updated)
If we create FormsAuthenticationTicket ourself, we should not use FormsAuthentication.RedirectFromLoginPage which will override our custom expire date and uses the one from web.config.