We upgraded from MVC3 to MVC4 using the new membership framework.
The session is timing out after 5 minutes.
I tried to set the session to one week, set the sliding session to true, nothing helped.
Godady say they don't support MVC4, but I am not sure if that matters, since this should be related to IIS. What is the difference between MVC3 and MVC4 that is creating this behavior?
Edited:
Here is my config file:
<trust level="Full" />
<authentication mode="Forms">
<forms loginUrl="~/Home/LogOn" timeout="2880" slidingExpiration="true"/>
</authentication>
<sessionState timeout="2880" />
hey #MBen you read this article that may help you.
http://www.dotnet-tricks.com/Tutorial/mvc/906b060113-Controlling-Session-Behavior-in-Asp.Net-MVC4.html
Related
I'm using forms authentication in my ASP.NET MVC 4 application. I have configured the timeout settings as below in my web.config.
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
Since I'm using a shared hosting environment, I can not change the IIS settings for timeout.
Currently it seems that this timeout is not working and it occurs after 15-20 mins of idle time.
are there any settings to force the timeout to take the value in web.config?
Explicitly adding the machine key to the web.config solved the issue.
http://aspnetresources.com/tools/machineKey
I am building a website with VS2013 RC and MVC 5 and am trying to use formsAuthentification without registering permanent users on my site.
I'm posting to my company's api to authenticate user's names and passwords. When this comes back successfully, I want to issue an authorization cookie with:
System.Web.Security.FormsAuthentication.SetAuthCookie(username, false);
I see the .ASPXAUTH=... cookie after this is called.
But, I can not get into the #if(User.Identity.IsAuthenticated) or alternatively #if(Request.IsAuthenticated) block on the template's _LoginPartial.cshtml page.
This technique did work for me in MVC 4 and I am trying to bend it to fit MVC 5's OWIN authentication.
I needed to enable forms authentication in the web.config
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
...
</system.web>
If you don't want to fight against MVC5 new authentication mode (OWIN) you can find your answer in this link
http://www.khalidabuhakmeh.com/asp-net-mvc-5-authentication-breakdown-part-deux#disqus_thread
I tried all the above solutions ,but the thing that solves my problem was commenting this in web.config
<modules>
<remove name="FormsAuthentication"/>
</modules>
Those who still have this issue and have tried all above approaches I do recommend try add to the Web.Config file in the section authentication forms cookieless="UseCookies". In my case it worked fine.
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" cookieless="UseCookies" timeout="2880" />
</authentication>
...
</system.web>
Here is a snippet from my web.config file:
<system.web>
<sessionState timeout="1440"></sessionState>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="1440"
cookieless="UseCookies"
/>
</authentication>
I am getting sessions expiring much sooner than 1 day (within an hour or so). Are there any other IIS or ASP.NET settings that could be affecting this? (the app is not setting any timeouts from code).
I would check the application pools recycle time. This is probably the cause as I think that it defaults to something like 20 minutes.
I have floder in wwwroot that contain all the pages for a website.
the problem is that session and cookies are not save between the pages, although that the session is recognized, but always empty!
What do I have to do in order to enable session and cookies between the pages?
I tried adding this line to web.config
<authentication mode="Forms">
<forms cookieless="AutoDetect" domain="" timeout="10" protection="All" />
</authentication>
And I turn the folder to an Application throw the IIS manager tools.
but nothing :(
the IIS version is 7
Thanks for any help
Have you checked that session state is enabled in IIS7?
http://technet.microsoft.com/en-us/library/cc725624%28WS.10%29.aspx
You also need to ensure that you have the session state config setting setup in your web.config in your application.
Here's an example of mine
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20" />
You should check out
http://msdn.microsoft.com/en-us/library/ms178586.aspx
Edit: updated the above link, the previous one was defunct.
I'm working on a web application that is using Forms authentication.
<authentication mode="Forms">
<forms slidingExpiration="true"
loginUrl="~/User.aspx/LogOn"
timeout="15"
name="authToken" />
</authentication>
I'm seeing this cookie set in my browser when I log in:
The question is what happens when I put this website in a load balanced model? Where is the ASP.net session cookie being set? I didn't explicitly do it in code, so I assume it's happening behind the scenes somewhere in ASP.Net.
Also, If the session cookie is set by web server A, I assume web server B won't recognize it and treat it as an invalid session. If this is the case, I probably don't want to use it, right?
You'll have to set the machine key to be the same and the name to be the same on both machines...if this is done you should have no problems load balancing with forms auth.
<authentication mode="Forms">
<forms loginUrl="~/Login/Index" defaultUrl="~/"
name=".myportal"
protection="All" slidingExpiration="true" timeout="20" path="/"
requireSSL="false"></forms>
</authentication>
<machineKey validationKey="534766AC57A2A2F6A71E6F0757A6DFF55526F7D30A467A5CDE102D0B50E0B58D613C12E27E7E778D137058E" decryptionKey="7059303602C4B0B3459A20F9CB631" decryption="Auto" validation="SHA1"/>
Sessions can get slightly more complicated. You can store the ASP.Net session state in the database or use a shared session provider to make it available for load balancing as well.
Here is a good article on storing session state in the DB: http://idunno.org/articles/277.aspx