CODEWITHSUNDEEP
c#asp.netwebforms
jmasterx
jmasterx

Reputation: 54113

Persistant cookie does not persist?

I have a cookie I create:

   FormsAuthentication.SetAuthCookie(e.EmployeID.ToString(), true);

With this I would expect to stay logged in until I explicitly sign out but after 30 or so minutes, I have to sign back in.

Here is my auth class:

    public static class Authorization
    {
        public static bool Login(string username, string password, bool persist)
        {
            Employee e = ResourceManager.GetEmployeeByEmail(username);

            if (e == null || !ResourceManager.VerifyEmployeePassword(e.EmployeID, password))
            {
                return false;
            }

            FormsAuthentication.SetAuthCookie(e.EmployeID.ToString(), persist);
            return true;
        }

        public static void Logout()
        {
            FormsAuthentication.SignOut();
        }

        public static string GetUserId()
        {
            return HttpContext.Current.User.Identity.Name;
        }

        public static string GetUsername()
        {
            return GetEmployee().EmployeEmail;
        }

        public static bool IsAuthenticated()
        {
            return HttpContext.Current.User.Identity.IsAuthenticated;
        }

        public static Employee GetEmployee()
        {
            int id = 0;
            int.TryParse(GetUserId(), out id);
            return ResourceManager.GetEmployee(id);
        }

        public static bool IsAdministrator()
        {
            if (!IsAuthenticated())
            {
                return false;
            }

            Employee e = GetEmployee();

            if (e != null)
            {
                return SecurityManager.IsEmployeeAdmin((e.EmployeID));
            }

            return false;
        }
    }
}

Is there anything wrong?

I have this in my web config:
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
        <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
      </assemblies>
    </compilation>
    <authentication mode="Forms" />
    <webServices>
      <protocols>
        <add name="HttpGet" />
        <add name="HttpPost" />
      </protocols>
    </webServices>

Upvotes: 0

Views: 111

Answers (1)

DGibbs
DGibbs

Reputation: 14618

The default timeout value for the auth cookie is 30 mins unless otherwise specified.

Since you claim to be getting logged out after 30 minutes it would suggest to me that you have not specified otherwise.

To do this, you must set the timeout property of the <form /> element within your web.config file.

For example: -

<authentication mode="Forms">
  <forms loginUrl="~/login.aspx" timeout="2880" />
</authentication>

Upvotes: 2

Related Questions