Reputation: 10296
What could cause an asp.net application to forget a user?
I've got an asp.net application which seems to forget that a user is logged in after a while.
I'm using the membership provider and when opt to "remember" the log in it remembers it during the session. I can even close the browser, restart and come back and it will still be logged in. But after a while it forgets and it seems to do it at any old time. I've once been logged in and when I went to a new page it was logged out.
The other strange things are:
- On my development machine it remembers the log in forever. Even after IIS restarts and recompiles it will remember my login as expected.
- I have another application on the same server that does remember the login forever. I compared how they handle login and they seem to be identical.
This leads me to believe that the issue has something to do with the server or perhaps something in the application not directly related to the login and membership code. What could I look at?
Edit: Looked up the cookie using Fiddler and they seem to be ok. An Authentication cookie created today expires 2 weeks from now, which is how my config is set up: expires=Mon, 06-Sep-2010 01:47:51 GMT
Edit: The problem seems to be that the app pool is recycling and the authentication cookie becomes invalid because it can no longer be read as the machine key has changed. The solution was to add a machineKey segment to the web.config and supply a static machine key.
Upvotes: 4
Views: 705
Answers (2)
Reputation: 394
There are two major possibilities.
Cookie expiration. If the cookie expires / goes away, then you are considered logged out.
Cookie invalidation. Login cookies are encrypted based on the machineKey value. If you do not specify a machineKey, a new one is regenerated each time the application pool starts up (or is recycled). That means that any login cookie encrypted with the old machineKey is now invalid, and you will not be considered logged in.
Check to see what the recycle settings are on your application pool in IIS and see if that corresponds with the timing of you not being logged in.
Upvotes: 4
Reputation: 34810
"Remember me" functionality is done using cookies. Cookies can be set with an expiration date. You need to look into how the cookie is being set (Fiddler is good for this, you can inspect the HTTP header when the cookie is set.)
Upvotes: 3
Related Questions
- What can cause incorrect user names when using IIS & Windows Authentication?
- ASP.net Web Administration Tool Forgetting users?
- c# web app users get logged out without any reason
- how to troubleshoot random logouts in asp.net application using forms authentication
- ASP.NET:HttpContext.Current.User.Identity.Name seems to loosing its value randomly on page_load
- User.Identity.Name sometimes blank with Windows authentication
- users suddenly cannot login to asp.net application
- Forms Authentication Problem loses current user
- user login not being remembered
- ASP.NET session lost but only for one particular user