I have been developing an ASP.NET MVC 4 (with razor) WebApp, that worked great in Debug, and even in Release on my local machine.
Now I uploaded it to the server, and while you are navigating it suddenly, from time to time closes your user session, asking for username and password again.
Any idea of why? Maybe I am losing some configuration or settings requirements, but its driving me mad.
It looks like you are confusing Session with Authentication. You probably need to enable FormsAuthentication.SlidingExpiration Property so you aren't automatically logged out.
<authentication mode="Forms">
<forms loginUrl="member_login.aspx"
name=".ASPXFORMSAUTH"
cookieless="UseCookies"
requireSSL="true"
slidingExpiration="TRUE" />
</authentication>
I think that your Session expires after 20 minutes. take a look here:
What is default session timeout in ASP.NET?
Also you'll find the solution for your problem, that is to set Session timeout..
Related
This ASPX app I'm working on keeps logging me out mid-session. I tried changing this:
<sessionState mode="InProc" timeout="24" />
To
<sessionState mode="InProc" cookieless="true" timeout="1440" />
But it still times out every couple of minutes (sometimes sooner). I've never programed in ASPX before and I'm just making basic layout changes (removing three nested tables, etc.), but it's horrible how many times I have to log in to do even the simplest things.
Any clue what else might be timing me out if not the session state? I didn't write any of this...
The InProc and the session is not keep the logging authentication. This authentication is done using some other cookie that if you loose it you logged out.
There are two points to look - if you move from http to https and if you move from www. to non www. pages.
To solve that go to your web.config and check if you have setup that properties correctly (especial the domain).
<authentication mode="Forms">
<forms timeout="50" path="/" requireSSL="true" cookieless="UseCookies" domain="domain.com" />
</authentication>
Also check on roleManager and on httpCookies that you have setup the domain.
I must be doing something wrong. I have followed instructions to set the timeout on my forms authentication app, but the app never renews the cookie and will time out about every 15mins or so.
I must be missing something that is so obvious it is not mentioned in the literature.
Here is my config info:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" defaultUrl="~/" timeout="120" slidingExpiration="true" cookieless="UseCookies" />
</authentication>
and the session state
<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout="120">
...
I have tried sliding or not sliding--same time out happens.
Dumb questions: do I need something in the code behind (VB) on every page to make sure the postback renews the authentication?
If you are browsing your web application from IIS then check the check the Idle Time-Out(minutes) property under "Process Model" of application pool.
If it is 20 minutes. You should change that property value.
When running locally, my site runs fine. However when on the live site, after around 10 seconds of inactivity I keep getting logged out.
My web config line for authentication looks like the following:
<forms name="RaiseFLAuthentication" loginUrl="home.aspx" cookieless="UseCookies" defaultUrl="/myPredictions.aspx" timeout="240" slidingExpiration="false"/>
I have also tried putting <sessionState timeout="30"></sessionState>but this hasn't worked either.
A second issue I am having is that although i have set the defaulturl to myPredictions.aspx, when I go to the url www.website.co.uk and log in, it does not redirect here, it stays as default url. Although again, running locally I have no problem.
Can anyone suggest why either of these things are happening and how to fix this?
Here are my answers to your questions:
1) This one is a bit tricky because you mentioned it's working fine locally but try this (assuming you are using InProc session mode):
<sessionState mode="InProc" cookieless="true" timeout="30" />
2) It seem like you are missing the tilde (~) in your defaultUrl attribute.
<forms name="RaiseFLAuthentication" loginUrl="home.aspx" cookieless="UseCookies" defaultUrl="~/myPredictions.aspx" timeout="240" slidingExpiration="false" />
The time out is controlled by the sessionState element, the default is 20 minutes if a timeout is not specified, so if all you get is 10 seconds I would look elsewhere in your code for the cause of the problem.
With regard to your re-direct issue. This has already been answered here.
I am debugging my project at my local machine. I am storing information in two default cookies .ASPXAUTH and .ASPXANONYMOUS. However, I realise they are deleted everytime when I stop debugging. So SQL server can never match up the previous profile settings.
I read this link it says these cookies are only working when you get a real IP address.I do not have a .net+SQL server that I can use for upload testing. Question is, can I preserve the cookies or somehow make it work in my local machine? Thanks
<authentication mode="Forms">
<forms name=".ASPXAUTH" defaultUrl="~/Home/Index" loginUrl="~/Account/LogOn"
protection="All" cookieless="AutoDetect" slidingExpiration="true" timeout="8760" />
</authentication>
<anonymousIdentification cookieName=".ASPXANONYMOUS" cookieProtection="All" cookieless="AutoDetect"
enabled="true" cookieSlidingExpiration="true" cookieTimeout="8760" />
EDIT: To get an idea of the problem please see this pic below.
Instead of just keep using first row as UserId, the .NET membership keeps creating new entry everytime when I stop/start a new debugging. Reason is the old cookies in last session was deleted as soon as debugging was stopped.
Have you tried to verify if the delete browsing history is not checked fro your internet options. If that`s checked, it might be deleting the cookies.
So we have been stuck on a connection timeout issue and we are lost.
All pages on this asp.net web application times out after exactly 2 minutes.
Saying:
connection timed out
description: connection timed out
All articles on the internet suggest it is the asp.net web config setting "executionTimeout". (Here is ours)
<httpRuntime executionTimeout="3600" requestValidationMode="2.0" maxRequestLength="15360" />
But obviously ours is set to way above 2 mins. A colleague of mine also fiddle with the iis settings without success.
Any suggestions?
EDIT: This does not happen on debug at all, which makes me lean towards it being an IIS issue.
EDIT: We don't believe it to be an asp.net session issue since we are still logged in and can browse to other secure pages after this happens
Resolved: So after some more investigation we discovered that the timeout issue was just from when accessing the website from within our intranet. Apparently we have some daemon software (Websense) running on the network that was the root of all this evil.
The above you mentioned should work, Look for the following in your web.config file (maybe its a issue of session timeout):
<system.web>
<authentication mode="Forms">
<forms timeout="20"/>
</authentication>
<sessionState timeout="20" />
</system.web>
Increase the timeout time you are using.
Hope this helps.