I have these on my web.config of my root directory
<authentication mode="Forms">
<forms loginUrl="Login.aspx"
protection="All"
timeout="60"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" />
</authentication>
But .ASPXAUTH cleared so soon (5 minutes I guess).
What is the probable reason?
Very often, it is because you rebuild the solution. The web server restarts and machineKey are regenerated.
So the cookie encrypted and signed by previous machineKey is invalid.
That's why you are forced to log out.
Here is a quick one for you.
https://stackoverflow.com/a/436053/280970
Related
I have been able to do this transition for the session cookie but not for the login cookie
and I have the following web.config
<authentication mode="Forms">
<forms name="MyCookie" loginUrl="~/Login/login.aspx" timeout="30" slidingExpiration="true" cookieless="UseCookies" cookieSameSite="None" protection="All" requireSSL="true" defaultUrl="~/Login/DefaultRedirect.aspx" enableCrossAppRedirects="false" path="/" />
</authentication>
if I change cookieSameSite="None" to cookieSameSite="Lax" or strict. I can see that the change takes place, but it seems to still have the old behavior of not emiting the samesite value when set to None
I'm using .net framework 4.7.2 and have installed the server update that allowed me to do the session with samesite=none
turn out I was missing sameSite="None" <httpCookies
so now I have : <httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="None" />
<authentication mode="Forms">
<forms name="MyCookie" loginUrl="~/Login/login.aspx" timeout="30" slidingExpiration="true" cookieless="UseCookies" cookieSameSite="None" protection="All" requireSSL="true" defaultUrl="~/Login/DefaultRedirect.aspx" enableCrossAppRedirects="false" path="/" />
</authentication>
I have this in my web.config:
...
<system.web>
<sessionState mode="InProc" timeout="30" cookieless="UseCookies" />
<authentication mode="Form">
<forms loginUrl="http://myurl" path="/" cookieless="UseCookies" slidingExpiration="true" requireSSL="true" />
</authentication>
...
How can I get the value of loginurl at runtime?
System.Web.Security.FormsAuthentication.LoginUrl
Gets the URL for the login page that the FormsAuthentication class
will redirect to.
Details at MSDN.
my site (ASP.NET webForm ) log out with out user request , user forced to login page and interrupt his work ? please advice ...
this line from my web.config
<authentication mode="Forms">
<forms loginUrl="~/Account/XXXXXXX.aspx" timeout="2880" />
</authentication>
Try increasing the Session timeout value, by default this is 30 minutes.
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/XXXXXXX.aspx" timeout="2880"/>
</authentication>
<sessionState timeout="3000" />
</system.web>
I use following code in web config but it doesn't works properly.Suggest your code for redirect when session expires
my code is:
<authentication mode="Forms">
<forms name="MyAuth" timeout="60" protection="All" loginUrl="Login.aspx" slidingExpiration="true" />
</authentication>
<sessionState mode="InProc" cookieless="false" timeout="60" />
I use the following code:
<authentication mode="Forms">
<forms name="WhateverYourAuthNameIs" loginUrl="~/Login.aspx" defaultUrl="~/Default.aspx" protection="All" path="/" cookieless="AutoDetect" timeout="2880" />
</authentication>
Perfectly working for me.
You can check for a session using Session["sessionName"] and see if it returns null and if it does just redirect them using Response.Redirect("login.aspx");
if(Session["sessionName"]==null)
{
Response.Redirect("Login.aspx");
}
I used this following code to set authenticate cookie :
System.Web.Security.FormsAuthentication.SetAuthCookie(Profile.Email, true);
my question is how I can increase life-time for this authentication cookie ?
The timeout is set primarily in the web.config file, you can do it in code but I wouldn't advise it.
These are the default settings, you can see the timeout value that's specified in minutes.
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx"
protection="All"
timeout="30"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" />
</authentication>
</system.web>
This is how to set that time up. (For instance, for two weeks expiration).
var cookie = FormsAuthentication.GetAuthCookie("user-name", false);
cookie.Expires = DateTime.UtcNow.AddDays(14);
Response.Cookies.Add(cookie);