I never experienced this issue, maybe because I've added the domain attribute. Without that I had some issues loggin in onto the english version of the site.
Pick up a copy of fiddler and have a look at the requests and response going back and forth. Assume you are not blocking cookies, and you have had a look at your ie/firefox settings ? (I am sure you have.. but just a thought) Fiddler though might shed some more light on it. Sorry I could not be more help, just about to run into this area over the weekend. So maybe I will come into the same problems. Might want to try the latest release of umbraco and see if that solves the problems.
I don't know how to enterpret the value "At End Of Session", but I expected a date and time value there(?) Could this somehow be related to this tag in web.config:
I've been looking at forms authentication and the method for writing a cookie can take a boolean parameter that indicates whether the cookie should be persistent or not, like this:
// Non persistant cookie FormsAuthentication.SetAuthCookie("myCookie", false);
The difference is that the persistant cookie will still be there even if the user closes the browser and it will be found the next time the user fires up the browser and goes to your site. The question is: how can control this?
I downloaded the source code for the 4.0.3 version of Umbraco (Change Set 62014) and looked at the member class (Member.cs). The method used for logging in is called AddMemberToCache and it's overloaded:
public static void AddMemberToCache(Member m) In this version SetAuthCookie is called like this: FormsAuthentication.SetAuthCookie(m.UniqueId.ToString(), true);
and
public static void AddMemberToCache(Member m, bool UseSession, TimeSpan TimespanForCookie) In this version SetAuthCookie is called twice in the same method(?!):
To me this looks like a bug, but I'm not very well oriented in the Umbraco source code so I could be wrong. It would be great if someone with more experience of the source code could take a look at this.
I'd like to know what the cookies of other Umbraco users look like. It's easy to find out by using FireBug.
The reason is that I want to know if the problem with the "Remember me" function is an Umbraco problem or something else (perhaps it has something to do with me running IIS7 on Win 2008)?
If I can't get this to work I will either have to revert back to some old control or simply remove the option. It would be nice to have that checkbox though...
I'm trying to remember what I changed to get this working.
I don't believe it was an Umbraco problem as such. I think there were issues with incosistencies between the Umbraco Membership User and the implementation of a class inheriting that in the application I was working on.
I'm not sure if that makes much sense... basically MyApplication.User would be used/logged in in some instances and somehow not pass that login/persistent login to the Umbraco.User.
I haven't dug any deeper into this and my solution was to simply remove the persistent checkbox from the login form. Still, it looks like there are several users that have run into the same problem. I'll take a look at codeplex to see if there's an issue post submitted about this problem.
My issue I think was a lack of integration between the various Membership users implemented in our application and perhaps my own lack of understand about how they integrate. From memory (it's a while ago) we have a Membership type specific to our app which integrates with (inherits from?) the Umbraco Membership which inherits from/implements the .NET membership I think?
I was finding that logging in one of those was not logging in all of them, if that makes sense. I moved the authentication to a different Membership implementation but can't remember which, sorry!
Hi there, thanks for the info. I have spent the best part of the afternoon looking into this; searching the latest Umbraco code-base, using Reflector and analysing the cookies being sent by the server on login.
Unfortunately I have reached a blank. I found the AddMemberToCache(Member m) method inside CMS/Members/Member.cs is the one utilised by the Login process. This invokes SetAuthCookie(string username, bool persistentCookie) on FormsAuthentication. The cookie being created should technically be persistent. I have also reflected the .NET code and found it does get the Timeout item from the Authentication web.config section.
However, when the cookie is finally sent through in Login response, there is no "expires=blah" appended to the cookie string in the raw response data (I used Fiddler2).
I had to set domain, but I also had to set the timeout. Apparently since .NET 2.0 the timeout for remember me defaults to 30 minutes, so I've set it to 4 weeks - remember me now works.
"Remember me" not persisting
Basically, ticking the 'Remember me' checkbox on a standard asp.net login control does not keep the user logged in between browser sessions.
Has anyone has this issue with the umbraco 4 .net membership integration? Any idea where to start tracking down the problem?
In the web.config:
<authentication mode="Forms">
<forms name="yourAuthCookie" loginUrl="login.aspx" protection="All" path="/" timeout="50000000" slidingExpiration="true" />
</authentication>
Anyone?
Logging someone in programmatically works but using the standard ASP.NET Remember Me check box doesn't.
The cookies that are written are quite different - when done programmatically, the cookie contains things like umbracoMemberGuid and umbracoMemberId.
Do I need to add some calls to the OnLoggingIn or something?
Hi Peter,
I never experienced this issue, maybe because I've added the domain attribute. Without that I had some issues loggin in onto the english version of the site.
Hope this helps you,
Richard
Thanks Richard.
I have added the domain attribute since the original post:
<forms name="yourAuthCookie" loginUrl="login.aspx" protection="All" path="/" timeout="50000000" slidingExpiration="true" domain="playground.v2" />
No luck though.
I'm using Umbraco v 4.0.1 (Assembly version: 1.0.3373.718)
Pick up a copy of fiddler and have a look at the requests and response going back and forth. Assume you are not blocking cookies, and you have had a look at your ie/firefox settings ? (I am sure you have.. but just a thought) Fiddler though might shed some more light on it. Sorry I could not be more help, just about to run into this area over the weekend. So maybe I will come into the same problems. Might want to try the latest release of umbraco and see if that solves the problems.
Does anyone have more info regarding this?
I use the standard ASP.NET login control and in my web.config, the forms authentication is set up like this:
The cookie generated when I log in and check the remember me checkbox, looks like this (using the Web Developer plugin for Firefox):
I don't know how to enterpret the value "At End Of Session", but I expected a date and time value there(?) Could this somehow be related to this tag in web.config:
I'm thinking that this overrides the timeout?
Regards,
Thomas Kahn
I've been looking at forms authentication and the method for writing a cookie can take a boolean parameter that indicates whether the cookie should be persistent or not, like this:
The difference is that the persistant cookie will still be there even if the user closes the browser and it will be found the next time the user fires up the browser and goes to your site. The question is: how can control this?
/Thomas
I downloaded the source code for the 4.0.3 version of Umbraco (Change Set 62014) and looked at the member class (Member.cs). The method used for logging in is called AddMemberToCache and it's overloaded:
public static void AddMemberToCache(Member m)
In this version SetAuthCookie is called like this: FormsAuthentication.SetAuthCookie(m.UniqueId.ToString(), true);
and
public static void AddMemberToCache(Member m, bool UseSession, TimeSpan TimespanForCookie)
In this version SetAuthCookie is called twice in the same method(?!):
To me this looks like a bug, but I'm not very well oriented in the Umbraco source code so I could be wrong. It would be great if someone with more experience of the source code could take a look at this.
Regards,
Thomas Kahn
I'd like to know what the cookies of other Umbraco users look like. It's easy to find out by using FireBug.
The reason is that I want to know if the problem with the "Remember me" function is an Umbraco problem or something else (perhaps it has something to do with me running IIS7 on Win 2008)?
If I can't get this to work I will either have to revert back to some old control or simply remove the option. It would be nice to have that checkbox though...
I'm trying to remember what I changed to get this working.
I don't believe it was an Umbraco problem as such. I think there were issues with incosistencies between the Umbraco Membership User and the implementation of a class inheriting that in the application I was working on.
I'm not sure if that makes much sense... basically MyApplication.User would be used/logged in in some instances and somehow not pass that login/persistent login to the Umbraco.User.
Hi there, did anyone find out how to make Umbraco Login cookies persistent? I take it from the above, the code overrides the web.config settings?
thanks
Kris
Hi Kristian!
I haven't dug any deeper into this and my solution was to simply remove the persistent checkbox from the login form. Still, it looks like there are several users that have run into the same problem. I'll take a look at codeplex to see if there's an issue post submitted about this problem.
/Thomas Kahn
My issue I think was a lack of integration between the various Membership users implemented in our application and perhaps my own lack of understand about how they integrate. From memory (it's a while ago) we have a Membership type specific to our app which integrates with (inherits from?) the Umbraco Membership which inherits from/implements the .NET membership I think?
I was finding that logging in one of those was not logging in all of them, if that makes sense. I moved the authentication to a different Membership implementation but can't remember which, sorry!
Hi there, thanks for the info. I have spent the best part of the afternoon looking into this; searching the latest Umbraco code-base, using Reflector and analysing the cookies being sent by the server on login.
Unfortunately I have reached a blank. I found the AddMemberToCache(Member m) method inside CMS/Members/Member.cs is the one utilised by the Login process. This invokes SetAuthCookie(string username, bool persistentCookie) on FormsAuthentication. The cookie being created should technically be persistent. I have also reflected the .NET code and found it does get the Timeout item from the Authentication web.config section.
However, when the cookie is finally sent through in Login response, there is no "expires=blah" appended to the cookie string in the raw response data (I used Fiddler2).
So no answers yet...
thanks
Kris
The solution is to add RememberMeSet="true" to the ASP.NET Login control.
Original post removed.
I had to set domain, but I also had to set the timeout. Apparently since .NET 2.0 the timeout for remember me defaults to 30 minutes, so I've set it to 4 weeks - remember me now works.
is working on a reply...