"Remember Me" with asp.net web pages

c# asp.net razor webmatrix
CarolK picture CarolK · Aug 6, 2013 · Viewed 21.6k times · Source

I realize that this question may have been asked before, but I can't find anything that matches my situation exactly.

I created a website using the WebMail helper in ASP.Net web pages (not web forms) and WebMatrix. Users are required to login to the website, and there is a "Remember me" box that (in theory) will keep the user logged in until he/she chooses to log out. The website does keep users logged in if they close the browser and reopen it within 20-30 minutes. However, after 20-30 minutes of not accessing the website, the user is logged out. (As an aside, this problem seems to exist even with the WebMatrix template "Starter Site".)

I've tried multiple solutions, many of which were posted on Stack Overflow, but nothing seems to work.

Answer

Artless picture Artless · Aug 6, 2013

EDIT 2

The cookie used by Forms Authentication is called ".ASPXAUTH" and by default set to expire after 30 minutes.

Go to your web.config and find the authentication element. You can set the cookie expiration time (in minutes) there, like such:

<system.web>
    <authentication mode="Forms">
        <forms loginUrl="~/Account/Login" 
               name="myCookie"                  <!-- optional, if you want to rename it -->
               timeout="2880" />                <!-- expires in 48 hours -->
    </authentication>
</system.web>

OR

If the config fails you, try this article: Link

You'll need to clear any existing auth tickets and create your custom one. It boils down to this piece of code you need to execute if the user selected the remember me option:

    if (rememberMe)
    {
        // Clear any other tickets that are already in the response
        Response.Cookies.Clear(); 

        // Set the new expiry date - to thirty days from now
        DateTime expiryDate = DateTime.Now.AddDays(30);

        // Create a new forms auth ticket
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2, loginModel.UserName,  DateTime.Now, expiryDate, true, String.Empty);

        // Encrypt the ticket
        string encryptedTicket = FormsAuthentication.Encrypt(ticket);

        // Create a new authentication cookie - and set its expiration date
        HttpCookie authenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        authenticationCookie.Expires = ticket.Expiration;

        // Add the cookie to the response.
        Response.Cookies.Add(authenticationCookie);
    }

Related questions

How to Kill A Session or Session ID (ASP.NET/C#)

How can I destroy a session (Session["Name"]) when the user clicks the logout button? I'm looking through the ASP.NET API Reference on MSDN and it doesn't seem to have much information. It seems rather limited. But I cannot …

Read More
Razor C# - Get data from database

I am using WebMatrix, I have created a database and put a table with a few rows of data. I can connect to it and get the data with the WebGrid, but it only provides a way to output the …

Read More
How to get current page URL in MVC 3

I am using the Facebook comments plugin on a blog I am building. It has some FBXML tags that are interpreted by the facebook javascript that is referenced on the page. This all works fine, but I have to pass …

Read More