Sign in Register
Go to solution
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Rasmus Rasmussen 6 posts 85 karma points notactivated
    Aug 17, 2023 @ 07:14
    Rasmus Rasmussen
    0

    Login Remember Me Button

    Using Umbraco And Getting Started
    Umbraco 9

    Hello. I have implemented the member login and register functionality from the Umbraco Docs (Link to docs). The docs didn't show the remember me button, but it is present when you follow the docs.

    But no matter how many docs or forum posts I read, I can't find a way to change the default timeout for the remember me button. Code below shows the Macro snippet that Umbraco creates.

    @using (Html.BeginUmbracoForm<UmbLoginController>(
    "HandleLogin", new { RedirectUrl = loginModel.RedirectUrl })) {

        <h4>Log in with a local account.</h4>
        <hr />
        <div asp-validation-summary="ModelOnly" class="text-danger"></div>
        <div class="mb-3">
            <label asp-for="@loginModel.Username" class="form-label"></label>
            <input asp-for="@loginModel.Username" class="form-control" />
            <span asp-validation-for="@loginModel.Username" class="form-text text-danger"></span>
        </div>
        <div class="mb-3">
            <label asp-for="@loginModel.Password" class="form-label"></label>
            <input asp-for="@loginModel.Password" class="form-control" />
            <span asp-validation-for="@loginModel.Password" class="form-text text-danger"></span>
        </div>
        <div class="mb-3 form-check">
            <input asp-for="@loginModel.RememberMe" class="form-check-input">
            <label asp-for="@loginModel.RememberMe" class="form-check-label">
                @Html.DisplayNameFor(m => loginModel.RememberMe)
            </label>
        </div>
        <button type="submit" class="btn btn-primary">Log in</button>
    }

    EDIT: I have seen that you can create a global cookie in appsettings, but I need remember me to be able to be turned on or off.

    What I would like to ask is, how do I change the default timeout for the member that is signing in, with the remember me button?

    Thank you in advance. Kind regards

    Rasmus.

    Copy Link
  • Huw Reddick 1770 posts 6156 karma points MVP c-trib
    Aug 17, 2023 @ 15:29
    Huw Reddick
    100

    You can add this to the ConfigureServices method in startup.cs

    services.ConfigureApplicationCookie(options => options.ExpireTimeSpan = TimeSpan.FromDays(14));
    Copy Link
  • Rasmus Rasmussen 6 posts 85 karma points notactivated
    Aug 18, 2023 @ 08:41
    Rasmus Rasmussen
    0

    This is making a global cookie. It doesn't take the "Remember me" button into account.

    Copy Link
  • Huw Reddick 1770 posts 6156 karma points MVP c-trib
    Aug 18, 2023 @ 08:49
    Huw Reddick
    1

    Yes it does, it sets the expiry time of the authcookie set when you select rememberme

    Copy Link
  • Huw Reddick 1770 posts 6156 karma points MVP c-trib
    Aug 18, 2023 @ 08:53
    Huw Reddick
    1

    Cookie without rememberme

    .AspNetCore.Identity.Application    Expires/Maxage  Session

    cokie with rememberme set with 14 day timeout

    .AspNetCore.Identity.Application    Expires/Maxage  2023-09-01T08:50:1
    Copy Link
  • Rasmus Rasmussen 6 posts 85 karma points notactivated
    Aug 18, 2023 @ 09:03
    Rasmus Rasmussen
    0

    I see the same results as you, but the user still gets logged out after the same time frame.

    I do see the same cookies as you:

    Not pressed button:

    .AspNetCore.Identity.Application Expires/Maxage Session

    Pressed button:

    .AspNetCore.Identity.Application Expires/Maxage Fri, 18 Aug 2023 08:57:09 GMT

    My testing is as follows: One user press the remember me button, and logs in. Then wait for the amount of time the cookie is set to. Then refreshes the browser.

    Another user doesn't press the remember me button, and logs in. Then wait for the amount of time the cookie is set to. Then refreshes the browser.

    Both gets logged out at the same time.

    Another test: Both users refresh the browser before the cookie expires. Both remains logged in.

    At this point, I'm not really sure why both users gets logged out at the same time, even if one has not pressed the button.

    Copy Link
  • Huw Reddick 1770 posts 6156 karma points MVP c-trib
    Aug 18, 2023 @ 10:11
    Huw Reddick
    1

    Are you maybe confusing session timeout and authentication timeouts, they are not the same thing.

    if Session times out before the Authentication cookie - they are still authenticated, but all their session variables disappear, and may cause errors in your website if you are not disciplined in checking for nulls and other conditions brought about by missing session.

    If Authentication times out before the session, then all their session variables will still exist, but they won't be able to access protected resources until they log back in again.

    Copy Link
  • Rasmus Rasmussen 6 posts 85 karma points notactivated
    Aug 18, 2023 @ 11:11
    Rasmus Rasmussen
    0

    I see what you mean. I realized my testing was wrong. I set the ExpireTimeSpan to be 2 minutes to see the result faster. But after a lot more testing, it works. Thank you for your patience :)) and I apologise for my flawed testing.

    Copy Link
  • Huw Reddick 1770 posts 6156 karma points MVP c-trib
    Aug 18, 2023 @ 11:30
    Huw Reddick
    1

    No problem :) These subtleties can be difficult to get your head round sometimes.

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft