Reputation: 5727
"Remember Me" not working on server
I'm implementing "Remember Me" feature, I want the user to not have to enter login/password again.
It's seems to work in local, but in a shared hosting, It last for about 15 minutes then logout. Here is the code:
controller:
FormsAuthentication.SetAuthCookie("username", true);
Web.config:
<authentication mode="Forms" >
<forms loginUrl="~/Account/LogOn" timeout="262974" cookieless="UseCookies" />
</authentication>
<sessionState mode="InProc" timeout="262974" cookieless="UseCookies" />
EDIT
I've added the sessionState, but still the same problem, working on local and not on the server?
what am I missing?
Upvotes: 3
Views: 1870
Answers (3)
Reputation: 71
Go to : ASP.NET Settings and scroll to Session settings change "value" none to "Forms" It will be done!
Upvotes: 0
Reputation: 5727
I finally found the solution, I had to use StateServer instead of InProc and also a machine key, Here is the full solution:
Controller:
FormsAuthentication.SetAuthCookie("username", true);
Web.config:
<authentication mode="Forms" >
<forms loginUrl="~/Account/LogOn" timeout="262974" cookieless="UseCookies" />
</authentication>
<sessionState mode="StateServer" timeout="262974" cookieless="UseCookies" />
<machineKey validationKey="5BAE63F50C69C1BBB7BFC2E696674389C307E28E9DEB60FB273B85CAD8FC3C2261FB13DF92B90A99C6EB684FDB1F6E3E92E1A42083EB77B5918126DD52245FB5" decryptionKey="11F6FE0C790413FFF3E230387168016B212216DEF727C4157CDDD0558BEAE5B7" validation="SHA1" decryption="AES" />
I have a shared hosting with Arvixe and it's in their Support where I found the solution: support.arvixe.com
Upvotes: 3
Reputation: 9180
Look into the sessionstate element in your web.config. For example:
<sessionState mode="InProc" timeout="60" />
Check out the following SO question for differences between the sessionstate element and the forms element in your web.config: Differences in forms auth timeout and session timeout
The accepted answer by @womp states the following:
A session starts every time a new user hits the website, regardless of whether or not they are anonymous. Authentication has very little to do with Session.
Authentication timeout is the amount of time that the authentication cookie is good for on the user's browser. Once the cookie expires, they must re-authenticate to access protected resources on the site.
So, if Session times out before the Authentication cookie - they are still authenticated, but all their session variables disappear, and may cause errors in your website if you are not disciplined in checking for nulls and other conditions brought about by missing session.
If Authentication times out before the session, then all their session variables will still exist, but they won't be able to access protected resources until they log back in again.
Upvotes: 4
Related Questions
- Remember me option not working using cookies in ASP .Net MVC
- ASP.Net MVC - Cookie Remember Me
- "Remember me" with ASP.NET MVC Authentication is not working
- MVC: cookies are not persisting
- User gets logged out with 'Remember me'
- cookie not working for remember me in asp.net
- Cookies for "Remember me" are not working
- ASP MVC Cookies not persisting
- ASP.Net MVC Cookies not persisting
- Remember me in Login with Cookies