I am debugging my project at my local machine. I am storing information in two default cookies .ASPXAUTH and .ASPXANONYMOUS. However, I realise they are deleted everytime when I stop debugging. So SQL server can never match up the previous profile settings.
I read this link it says these cookies are only working when you get a real IP address.I do not have a .net+SQL server that I can use for upload testing. Question is, can I preserve the cookies or somehow make it work in my local machine? Thanks
<authentication mode="Forms">
<forms name=".ASPXAUTH" defaultUrl="~/Home/Index" loginUrl="~/Account/LogOn"
protection="All" cookieless="AutoDetect" slidingExpiration="true" timeout="8760" />
</authentication>
<anonymousIdentification cookieName=".ASPXANONYMOUS" cookieProtection="All" cookieless="AutoDetect"
enabled="true" cookieSlidingExpiration="true" cookieTimeout="8760" />
EDIT: To get an idea of the problem please see this pic below.
Instead of just keep using first row as UserId, the .NET membership keeps creating new entry everytime when I stop/start a new debugging. Reason is the old cookies in last session was deleted as soon as debugging was stopped.
Have you tried to verify if the delete browsing history is not checked fro your internet options. If that`s checked, it might be deleting the cookies.
Related
This ASPX app I'm working on keeps logging me out mid-session. I tried changing this:
<sessionState mode="InProc" timeout="24" />
To
<sessionState mode="InProc" cookieless="true" timeout="1440" />
But it still times out every couple of minutes (sometimes sooner). I've never programed in ASPX before and I'm just making basic layout changes (removing three nested tables, etc.), but it's horrible how many times I have to log in to do even the simplest things.
Any clue what else might be timing me out if not the session state? I didn't write any of this...
The InProc and the session is not keep the logging authentication. This authentication is done using some other cookie that if you loose it you logged out.
There are two points to look - if you move from http to https and if you move from www. to non www. pages.
To solve that go to your web.config and check if you have setup that properties correctly (especial the domain).
<authentication mode="Forms">
<forms timeout="50" path="/" requireSSL="true" cookieless="UseCookies" domain="domain.com" />
</authentication>
Also check on roleManager and on httpCookies that you have setup the domain.
I am having issues with a third party site we are using to process credit card payments posting those payments back to our site (ASP.NET MVC) and the ASP.NET_SessionId getting lost. This is happening in Chrome exclusively. I believe it's due to their recent SameSite which you can read about here. I can see when inspecting the cookie in chrome that the Send for attribute on the cookie is set to 'Secure same-site connections only' but locally it says only 'Secure connections only'.
I have made the necessary changes to my website locally and have this working but once pushing those changes to our live webserver (Windows Server 2012) I am still having issues with Chrome.
Here is my relevant web.config settings:
<compilation debug="true" targetFramework="4.7.2"/>
<httpRuntime targetFramework="4.5.1" maxRequestLength="4096"/>
<sessionState mode="InProc" cookieless="false" timeout="60" cookieSameSite="None"/>
<httpCookies requireSSL="true"/>
<authentication mode="Forms">
<forms name="RAMAUTH" timeout="60" slidingExpiration="true" cookieSameSite="None"
requireSSL="true"/>
</authentication>
The webserver has .NET 4.7.2 installed.
I think that's everything I need to do in order to get this working and like I said it works locally but not on the live webserver. Another thing I noticed is when using the configuration editor in IIs (8.5) on the webserver it errors telling me it does not recognize the 'cookiesSameSite' attribute.
Am I missing something? Is there a logical reason as to why this would work ok locally but not on a live webserver running IIS?
I must be doing something wrong. I have followed instructions to set the timeout on my forms authentication app, but the app never renews the cookie and will time out about every 15mins or so.
I must be missing something that is so obvious it is not mentioned in the literature.
Here is my config info:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" defaultUrl="~/" timeout="120" slidingExpiration="true" cookieless="UseCookies" />
</authentication>
and the session state
<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout="120">
...
I have tried sliding or not sliding--same time out happens.
Dumb questions: do I need something in the code behind (VB) on every page to make sure the postback renews the authentication?
If you are browsing your web application from IIS then check the check the Idle Time-Out(minutes) property under "Process Model" of application pool.
If it is 20 minutes. You should change that property value.
I have been developing an ASP.NET MVC 4 (with razor) WebApp, that worked great in Debug, and even in Release on my local machine.
Now I uploaded it to the server, and while you are navigating it suddenly, from time to time closes your user session, asking for username and password again.
Any idea of why? Maybe I am losing some configuration or settings requirements, but its driving me mad.
It looks like you are confusing Session with Authentication. You probably need to enable FormsAuthentication.SlidingExpiration Property so you aren't automatically logged out.
<authentication mode="Forms">
<forms loginUrl="member_login.aspx"
name=".ASPXFORMSAUTH"
cookieless="UseCookies"
requireSSL="true"
slidingExpiration="TRUE" />
</authentication>
I think that your Session expires after 20 minutes. take a look here:
What is default session timeout in ASP.NET?
Also you'll find the solution for your problem, that is to set Session timeout..
I'm working on a web application that is using Forms authentication.
<authentication mode="Forms">
<forms slidingExpiration="true"
loginUrl="~/User.aspx/LogOn"
timeout="15"
name="authToken" />
</authentication>
I'm seeing this cookie set in my browser when I log in:
The question is what happens when I put this website in a load balanced model? Where is the ASP.net session cookie being set? I didn't explicitly do it in code, so I assume it's happening behind the scenes somewhere in ASP.Net.
Also, If the session cookie is set by web server A, I assume web server B won't recognize it and treat it as an invalid session. If this is the case, I probably don't want to use it, right?
You'll have to set the machine key to be the same and the name to be the same on both machines...if this is done you should have no problems load balancing with forms auth.
<authentication mode="Forms">
<forms loginUrl="~/Login/Index" defaultUrl="~/"
name=".myportal"
protection="All" slidingExpiration="true" timeout="20" path="/"
requireSSL="false"></forms>
</authentication>
<machineKey validationKey="534766AC57A2A2F6A71E6F0757A6DFF55526F7D30A467A5CDE102D0B50E0B58D613C12E27E7E778D137058E" decryptionKey="7059303602C4B0B3459A20F9CB631" decryption="Auto" validation="SHA1"/>
Sessions can get slightly more complicated. You can store the ASP.Net session state in the database or use a shared session provider to make it available for load balancing as well.
Here is a good article on storing session state in the DB: http://idunno.org/articles/277.aspx