FormsAuthentication.SetAuthCookie problem

Question

In my MVC 3 application I have a very basic controller

[HttpPost]
public ActionResult SignIn(LogonModel logonModel)
{
    string logonMessage;
    if(_authenticationService.Login(logonModel.UserName, logonModel.Password, 
        out logonMessage))
    {
        FormsAuthentication.SetAuthCookie(logonModel.UserName,true);

        return RedirectToAction("Index", "Home");
    }

    return View();
}

I see the cookie getting set in the browser however when I close the browser and come back to the site, it is not logging me in automatically. It is almost like the cookie is not being processed, which it should be.

Answer 1

I had a situation where the domain was wrong in the authenticaion section:

  <authentication mode="Forms">
      <forms name="yourAuthCookie" loginUrl="/user/login" protection="All" path="/" enableCrossAppRedirects="true"  timeout="90" domain="WRONGDOMAIN.COM" />
    </authentication>

Removing the domain did the trick:

  <authentication mode="Forms">
      <forms name="yourAuthCookie" loginUrl="/user/login" protection="All" path="/" enableCrossAppRedirects="true"  timeout="90"  />
    </authentication>

Answer 2

Be sure to remove the following <modules> tag from the web.config if using MVC 5+

<system.webServer>
<modules>
  <remove name="FormsAuthentication" />
</modules>
</system.webServer>

Answer 3

The first and most obvious question is: are cookies enabled in your browser?

What you could check as well is, whether in your web.config, you have configured the <authentication> section to have a timeout:

<authentication mode="Forms">
    <forms loginUrl="~/login" timeout="60" />
</authentication>

if you don't specify a timeout it'll use the default value of 30 minutes, but maybe you set it to some other (invalid) value?

timeout attribute:

Specifies the time, in integer minutes, after which the cookie expires.

You could also check the CookiesSupported property (boolean) to see that that returns.