Hi Thomas,

Haven't used the membercontrols since they are based on V3, in V4 you can use the default asp.net Logincontrols. Never experienced the behaviour you've described using these controls.

Cheers,

Richard

usercontrols for v3 has RememberMe checkbox, which can cause this behavior.

Some details can be found http://forum.umbraco.org/yaf_postst2131p2_MemberControls-updated--anyone-care-to-test.aspx

Hi guys! Thanks for replying!

The site I'm currently working on is an Umbraco v3 site so using v4 stuff is not an option here.

Here's the big picture: My client has a bunch of password protected pages that are accessed using the Umbraco Member Controls (v3) and individual member accounts. She want's to log the number of times a certain member has logged in to see how frequently the password protected pages are accessed. In order for this to work I need to:

1. Set an expiration time on the login session. Otherwise most members will log in once and then just stay logged in (I guess this works as long as there's a cookie saying the member is logged in).
2. Somehow log who logged in. Either write time-stamped log entries to an XML-file or database table or just increment counters (one counter for each memeber).

How would you solve this? The site also has Google Analytics so a third option would be to somehow trigger a Google Analytics tracking point programatically from within the login function in ASP.NET. Haven't found a good way of doing this yet though...

/Thomas Kahn

I use google analytics custom variables for logged in users

http://www.analyticsmarket.com/blog/custom-variables-google-analytics

You can also disable remember me checkbox (I hope :-), but until member close browser he is still logged in

I saw that the macro that was installed did not have the parameter "UseCookiesForAuthentication" so I added one (bool). When I look at the cookies I see that the expiration date is set one year ahead in time. Can this be altered? If set "UseCookiesForAuthentication" to 0 (false), what session time to I get?

I haven't found any Remember Me checkbox though? Where should I be looking?

Regards,
Thomas

Hi,

I use modified membercontrols from kalpa, but it looks his web is gone.

Try look at this old post
http://forum.umbraco.org/yaf_postst2131p2_MemberControls-updated--anyone-care-to-test.aspx

Maybe I can find downloaded package..

You also can download sources for v3 and modify cookie settings.

Hi Petr!

Yes, I saw that the links to the files don't work anymore. :-(

I have the source code for the membercontrols (downloaded from Codeplex) but as far as I can see it contains no cookie expiration settings?

Regards,
Thomas Kahn

Great! Thanks a million! I will download it an try it on Monday.

/Thomas Kahn

Now I have downloaded and started customizing the modified Umbraco Membercontrols.

I discovered a bug:
When the user logs in, for some reason the panels are not updated. The code that shows/hides the panels was placed in Page_Load and when I click the login-button, Page_Load doesn't run and the panels won't update. It's not until you click the login button once again that the panels are updated. I moved the code from Page_Load to a separate method (UpdatePanels) and triggered that method both in Page_Load and ButtonLogin_Click.

 protected void Page_Load(object sender, EventArgs e)
        {
            UpdatePanels();
        }

        protected void UpdatePanels()
        {
            ButtonLogout.Text = _signoutText;
            ButtonLogin.Text = _ButtonLoginText;
            if (_logoutOnly)
            {
                PanelSignIn.Visible = false;
                if (Member.GetCurrentMember() != null)
                {
                    updateUserName();
                    PanelSignOut.Visible = true;
                }
                else
                    PanelSignOut.Visible = false;
            }
            else
            {
                if (Member.GetCurrentMember() != null)
                {
                    updateUserName();
                    PanelSignIn.Visible = false;
                    PanelSignOut.Visible = true;
                }
                else
                {
                    PanelSignIn.Visible = true;
                    PanelSignOut.Visible = false;
                }
            }
        }

And

 protected void ButtonLogin_Click(object sender, EventArgs e)
        {

            Member m = Member.GetMemberFromLoginNameAndPassword(TextBoxUserName.Text, TextBoxPassword.Text);

            if (m != null)
            {
                if (UseCookiesForAuthentication)
                {
                    Diagnostics.Text = _MinutesUntilCookieExpires.ToString();
                    Member.AddMemberToCache(m, false, new TimeSpan(0, 0, _MinutesUntilCookieExpires, 0));
                }
                else
                {
                    Member.AddMemberToCache(m, true, new TimeSpan(0, 0, 0));
                }
            }
            else
            {
                litLoginResult.Text = _loginFailedText;
            }
            UpdatePanels();
        }

This makes sure the panels are updated when the user clicks the login button.

Now to the next question:

I want the user to be logged out after 20 or 30 minutes of inactivity, just like it works with sessions. So I have altered the UseCookiesForAuthentication code to minutes instead of days and this seems to work fine apart from the fact that I don't think this solution monitors activity and the user will be logged out regardless what he/she is currently doing(?)

What would be the best way to solve this?

Regards,
Thomas Kahn

Hi Thomas, I think this behavior is ok, it's caused asp.net page lifecycle event orders. Page_Load is executed before button events. Try move it from page_load to Page_PreRender

Petr

Hi Petr!

Thanks! Moving the code to Page_PreRender worked great!

Now I just have to find a way to become logged out after 20 or 30 minutes of inactivity. I have found the definition of the method AddMemberToCache but when I try to use it like this:

Member.AddMemberToCache(m, true, new TimeSpan(0, 0, 1, 0));

...it seems the user is not logged out after one minute of inactivity. The user is only logged out by pressing the logout-button.

Hmm, found an mailing list post that says that timespan is ignored on sessions. Explains why my one minute timespan does not work if sessions is set to true.

The question now is how long is the session and is there a way to alter it? Could it be controlled using web.config? Would altering the sessionState element in web.config affect other things in Umbraco, for example how long administrators are logged in?

/Thomas

Yes - when I do some experimenting, altering the sessionState element in web.config seems to control the amount of time that the user is logged in. And this does not seem to affect the Umbraco admin interface login.

So - in conclusion - setting timeout="20" in the sessionState element in web.config should do the trick and logout the member after 20 minutes of inactivity.

/Thomas

Why you want to use session instead of cookie?

If I've got it right, cookie expiration doesn't monitor activity and push the expiration time forward every time the user does something? I want the user to be logged out after 20 minutes of inactivity, not after just 20 minutes.

When I tested the cookie method, I was logged out regardless of activity.

/Thomas

is working on a reply...