Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Pete 152 posts 176 karma points
    Aug 27, 2009 @ 16:07
    Pete
    0

    "Remember me" not persisting

    Basically, ticking the 'Remember me' checkbox on a standard asp.net login control does not keep the user logged in between browser sessions. 

     

    Has anyone has this issue with the umbraco 4 .net membership integration? Any idea where to start tracking down the problem? 

     

  • Pete 152 posts 176 karma points
    Aug 27, 2009 @ 16:08
    Pete
    0

    In the web.config:

    <authentication mode="Forms">

    <forms name="yourAuthCookie" loginUrl="login.aspx" protection="All" path="/" timeout="50000000" slidingExpiration="true" />

    </authentication>

  • Pete 152 posts 176 karma points
    Sep 16, 2009 @ 16:16
    Pete
    0

    Anyone? 

    Logging someone in programmatically works but using the standard ASP.NET Remember Me check box doesn't. 

    The cookies that are written are quite different - when done programmatically, the cookie contains things like umbracoMemberGuid and umbracoMemberId. 

    Do I need to add some calls to the OnLoggingIn or something?

  • Richard Soeteman 4045 posts 12898 karma points MVP 2x
    Sep 16, 2009 @ 16:30
    Richard Soeteman
    0

    Hi Peter,

    I never experienced this issue, maybe because  I've added the domain attribute. Without that I had some issues loggin in onto the english version of the site.

    <

     

    authentication mode="Forms">

    <

     

    forms name="yourAuthCookie" loginUrl="login.aspx" domain="soetemansoftware.nl" protection="All" path="/" />

    </

     

    authentication>

     

    Hope this helps you,

    Richard

  • Pete 152 posts 176 karma points
    Sep 16, 2009 @ 16:34
    Pete
    0

    Thanks Richard. 

    I have added the domain attribute since the original post:

    <forms name="yourAuthCookie" loginUrl="login.aspx" protection="All" path="/" timeout="50000000" slidingExpiration="true" domain="playground.v2" />

    No luck though.

  • Pete 152 posts 176 karma points
    Sep 16, 2009 @ 16:53
    Pete
    0

    I'm using Umbraco v 4.0.1 (Assembly version: 1.0.3373.718)

  • Jameskn 64 posts 78 karma points
    Sep 18, 2009 @ 16:58
    Jameskn
    0

    Pick up a copy of fiddler and have a look at the requests and response going back and forth. Assume you are not blocking cookies, and you have  had a look at your ie/firefox settings ? (I am sure you have.. but just a thought) Fiddler though might shed some more light on it. Sorry I could not be more help, just about to run into this area over the weekend. So maybe I will come into the same problems. Might want to try the latest release of umbraco and see if that solves the problems. 

  • Thomas Kahn 602 posts 506 karma points
    Jan 08, 2010 @ 16:26
    Thomas Kahn
    0

    Does anyone have more info regarding this?

    I use the standard ASP.NET login control and in my web.config, the forms authentication is set up like this:

    <authentication mode="Forms">
    <forms name="myCustomCookie"
    loginUrl="logga-in.aspx"
    protection="All" path="/"
    timeout="31536000"
    slidingExpiration="true"
    domain="karnhus.se" />
    </authentication>

    The cookie generated when I log in and check the remember me checkbox, looks like this (using the Web Developer plugin for Firefox):

    Name myCustomCookie
    Value C7CF404B4F9146ABBA97B514F3FFE34506A57CE0AC857AE26ED2E7625211008816DFF60D1854F1F1711FAD17CB3DDAAB125E0D10CB3439BB3D252873D6B4A0680B1335774AF7C9B4342A7DB647AE19F90DA5C013A6925A00496FE2AEFF0CBD95
    Host .karnhus.se
    Path /
    Secure No
    Expires At End Of Session

    I don't know how to enterpret the value "At End Of Session", but I expected a date and time value there(?) Could this somehow be related to this tag in web.config:

    <membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="60">

    I'm thinking that this overrides the timeout?

    Regards,
    Thomas Kahn

  • Thomas Kahn 602 posts 506 karma points
    Jan 09, 2010 @ 16:05
    Thomas Kahn
    0

    I've been looking at forms authentication and the method for writing a cookie can take a boolean parameter that indicates whether the cookie should be persistent or not, like this:

    // Persistant cookie
    FormsAuthentication.SetAuthCookie("myCookie", true);

    // Non persistant cookie
    FormsAuthentication.SetAuthCookie("myCookie", false);

    The difference is that the persistant cookie will still be there even if the user closes the browser and it will be found the next time the user fires up the browser and goes to your site. The question is: how can control this?

    /Thomas

  • Thomas Kahn 602 posts 506 karma points
    Jan 09, 2010 @ 18:57
    Thomas Kahn
    0

    I downloaded the source code for the 4.0.3 version of Umbraco (Change Set 62014) and looked at the member class (Member.cs). The method used for logging in is called AddMemberToCache and it's overloaded:

    public static void AddMemberToCache(Member m)
    In this version SetAuthCookie is called like this: FormsAuthentication.SetAuthCookie(m.UniqueId.ToString(), true);

    and

    public static void AddMemberToCache(Member m, bool UseSession, TimeSpan TimespanForCookie)
    In this version SetAuthCookie is called twice in the same method(?!):

    1. FormsAuthentication.SetAuthCookie(m.UniqueId.ToString(), UseSession);
    2. FormsAuthentication.SetAuthCookie(m.UniqueId.ToString(), false);

    To me this looks like a bug, but I'm not very well oriented in the Umbraco source code so I could be wrong. It would be great if someone with more experience of the source code could take a look at this.

    Regards,
    Thomas Kahn

  • Thomas Kahn 602 posts 506 karma points
    Jan 22, 2010 @ 09:24
    Thomas Kahn
    0

    I'd like to know what the cookies of other Umbraco users look like. It's easy to find out by using FireBug.

    The reason is that I want to know if the problem with the "Remember me" function is an Umbraco problem or something else (perhaps it has something to do with me running IIS7 on Win 2008)?

    If I can't get this to work I will either have to revert back to some old control or simply remove the option. It would be nice to have that checkbox though...

  • Pete 152 posts 176 karma points
    Jan 28, 2010 @ 12:31
    Pete
    0

    I'm trying to remember what I changed to get this working.

    I don't believe it was an Umbraco problem as such. I think there were issues with incosistencies between the Umbraco Membership User and the implementation of a class inheriting that in the application I was working on. 

    I'm not sure if that makes much sense... basically MyApplication.User would be used/logged in in some instances and somehow not pass that login/persistent login to the Umbraco.User. 

  • Kris Dyson 54 posts 79 karma points
    Jun 14, 2010 @ 16:38
    Kris Dyson
    0

    Hi there, did anyone find out how to make Umbraco Login cookies persistent?  I take it from the above, the code overrides the web.config settings?

    thanks

    Kris

  • Thomas Kahn 602 posts 506 karma points
    Jun 18, 2010 @ 09:12
    Thomas Kahn
    0

    Hi Kristian!

    I haven't dug any deeper into this and my solution was to simply remove the persistent checkbox from the login form. Still, it looks like there are several users that have run into the same problem. I'll take a look at codeplex to see if there's an issue post submitted about this problem.

    /Thomas Kahn

  • Pete 152 posts 176 karma points
    Jun 23, 2010 @ 17:05
    Pete
    0

    My issue I think was a lack of integration between the various Membership users implemented in our application and perhaps my own lack of understand about how they integrate. From memory (it's a while ago) we have a Membership type specific to our app which integrates with (inherits from?) the Umbraco Membership which inherits from/implements the .NET membership I think?

    I was finding that logging in one of those was not logging in all of them, if that makes sense. I moved the authentication to a different Membership implementation but can't remember which, sorry!

  • Kris Dyson 54 posts 79 karma points
    Jun 24, 2010 @ 17:05
    Kris Dyson
    0

    Hi there, thanks for the info.  I have spent the best part of the afternoon looking into this; searching the latest Umbraco code-base, using Reflector and analysing the cookies being sent by the server on login.

    Unfortunately I have reached a blank.  I found the AddMemberToCache(Member m) method inside CMS/Members/Member.cs is the one utilised by the Login process.  This invokes SetAuthCookie(string username, bool persistentCookie) on FormsAuthentication.  The cookie being created should technically be persistent.  I have also reflected the .NET code and found it does get the Timeout item from the Authentication web.config section.

    However, when the cookie is finally sent through in Login response, there is no "expires=blah" appended to the cookie string in the raw response data (I used Fiddler2).

    So no answers yet...

    thanks

    Kris

  • Kris Dyson 54 posts 79 karma points
    Jul 19, 2010 @ 17:10
    Kris Dyson
    0

    The solution is to add RememberMeSet="true" to the ASP.NET Login control.

  • Ian Grainger 71 posts 135 karma points
    Mar 22, 2013 @ 18:34
    Ian Grainger
    2

    Original post removed.

    I had to set domain, but I also had to set the timeout. Apparently since .NET 2.0 the timeout for remember me defaults to 30 minutes, so I've set it to 4 weeks - remember me now works.

Please Sign in or register to post replies

Write your reply to:

Draft