locked
Remeber me next time RRS feed

  • Question

  • User-778692258 posted

    Does anyone other than me find that this doesn't really work right?  The one thing I'm unsure of is whether it's flat out not working or if it's working, but the feature is only set to "remember me" for x minutes and then it "forgets me". 

     So I have two questions

    • Is there something that has to be tweaked to get it to actually remember me since checking the box doesn't seem to work?
    • What is the expiration on the cookie (I assume it's a cookie) once someone checks the "remember me" checkbox?

    Thanks!

    Friday, July 27, 2007 10:35 AM

Answers

  • User-1199946673 posted

    You're not the first to be caught out on either count: mis-spelling "Remember", or assuming that the Login control works out-of-the-box. 

    I'm not only assuming that the Login control works out-of-the-box, I know it! The article you're refering is incorrect. The only thing you'll have to do is setting it up in web.config. EYSpeed used protection="Validation", this should be protection="All". Don't forget to provide the name (of the cookie)!

    <forms loginUrl="Login.aspx" protection="All" timeout="60000" name=".aName" slidingExpiration="true" />

    And also make sure that you'll have a machinekey in the web.config, as I've said before, otherwise everytime the application recycles you're logged out also!

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, November 13, 2007 11:03 PM

All replies

  • User-821857111 posted

    Does anyone other than me find that this doesn't really work right?  The one thing I'm unsure of is whether it's flat out not working or if it's working, but the feature is only set to "remember me" for x minutes and then it "forgets me". 

     So I have two questions

    • Is there something that has to be tweaked to get it to actually remember me since checking the box doesn't seem to work?

     

    Very probably.  Did you add the code for the cookie: http://www.codeproject.com/useritems/Remember_me_next_time.asp?

    Friday, July 27, 2007 12:02 PM
  • User-778692258 posted

    Gotta love it when you start of embarrassing yourself by spelling the topic name wrong.  I'm such a dope!! HAHA

     Thanks for the reply Mike.  I assumed (apparently foolishly) that if MS was going to include a "Remember Me" checkbox in their Login control that it would atually work.  LOL  I give this code a try and see what happens.

     Thanks!

    Friday, July 27, 2007 12:42 PM
  • User-821857111 posted

    Gotta love it when you start of embarrassing yourself by spelling the topic name wrong.  I'm such a dope!! HAHA

     

    You're not the first to be caught out on either count: mis-spelling "Remember", or assuming that the Login control works out-of-the-box. 

    Friday, July 27, 2007 3:13 PM
  • User595806616 posted

    The issue out of the box is that the "Remember Me" checkbox is tied to the forms authentication cookie. The default timeout for that cookie is 30 minutes. So when someone says "Remember Me", they're remembered for 30 minutes. I think it was a poor choice for a default as I've seen it cause people grief over and over. You can change the default using the following section in the web.config. Timeout is set in minutes.

    <authentication mode="Forms">
     <forms loginUrl="Login.aspx" protection="Validation" timeout="5000000" requireSSL="false"/>
    </authentication>

    Also, we all mishpell :)

    Saturday, July 28, 2007 1:04 PM
  • User-778692258 posted

    Here is my current code and still no luck.  It seems that after 30 mins, it logs you out.  :(

     

    <authentication mode="Forms">
    	<forms loginUrl="Login.aspx"
    		protection="Validation"
    		timeout="5000000"
    		requireSSL="false" />
    </authentication>
    <authorization>
    	<allow users="*"/>
    </authorization>
    <globalization requestEncoding="utf-8"
                    responseEncoding="utf-8"/>
    <membership>
    <providers>
         <add name="DefaultMembershipProvider"
              type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              connectionStringName="LocalSqlServer"
              enablePasswordRetrieval="false"
              enablePasswordReset="true"
              requiresQuestionAndAnswer="false"
              applicationName="/"
              requiresUniqueEmail="true"
              minRequiredPasswordLength="8" 
              minRequiredNonalphanumericCharacters="0"
              passwordStrengthRegularExpression=""
              passwordFormat="Hashed"
              passwordAttemptWindow="10" />
    </providers>
    </membership>
     On a side note, the minRequiredPasswordLength and minRequiredNonalphanumericCharacters lines in the provider section aren't working either.
    Tuesday, July 31, 2007 11:17 AM
  • User-842092983 posted

    I think the answers so far is very confusing. I am not sure yet if the Remember me is not working or the cookie timeout is not right. I am not sure if EYSpeed understand it yet, but I don't.

     

    Tuesday, November 13, 2007 3:57 PM
  • User-1199946673 posted

    Generate a machine key using this online tool and place it in your web.config.

    For an explanation, read this

    Tuesday, November 13, 2007 4:26 PM
  • User-842092983 posted

    I guess people ask questions here because they are not that smart to figure out everything by themselves. They expect the answers is clear enough.

    so now we have three solutions

    1, Handle cookie with your own code, that is the first link. but it is hardly convinceful as the code write user password into cookie directly.

    2, Form timeout,  the default timeout is 30 minute, if we change it to 30000 minutes, user session will never expire, sounds good.  But what about user not set "remember me"?

    3, Machinekey. I have the machine key already, not sure what is this for, is this the requirement for Form Authorization? sounds like that, but does it mean you can solve the "remember me" problem once it is there? obviously not, I can not see the logic, and it doesn't work for me neither.

    Tuesday, November 13, 2007 6:07 PM
  • User-842092983 posted

    Looks like the second one - Form timeout is the solution, explains in this article http://scottonwriting.net/sowblog/posts/11167.aspx

    if you don't choose "remember me", once you close the browse and open again, you need authorize again. If you check "Remember me", you don;t need login in the period of the timeout set in the Form setting. Which is 30 Minutes.

    The only question is the "remember me" here doesn't work like the general "rememer me" on other system, I remember usually "remember me" only autofill your username, and you have to login again. Maybe only bank sites work this way? Not quite sure.

    Tuesday, November 13, 2007 6:18 PM
  • User-778692258 posted

    I've never had much luck with this.  I'm trying the machine key thing now, but I expect that after 30 minutes, it'll make me log in again.  Remember me should remember me.  Period.  I shouldn't have to log in again in 30 minutes or two days.  I know some sites can set it to remember for two weeks or a year or whatever and if I can do that in the web.config and set it to remember for a year, I'm cool with that.  I just wish the process were a little more straight forward (ie - it works out of the box as expected).  We'll see what happens with this machine key thing.  The one thing that may be hurting me is that my application is not running in the root folder of the website.  Due to that, I had given up on this ever working.  I'll let ya'll know what happens.

    Tuesday, November 13, 2007 6:35 PM
  • User-1199946673 posted

    You're not the first to be caught out on either count: mis-spelling "Remember", or assuming that the Login control works out-of-the-box. 

    I'm not only assuming that the Login control works out-of-the-box, I know it! The article you're refering is incorrect. The only thing you'll have to do is setting it up in web.config. EYSpeed used protection="Validation", this should be protection="All". Don't forget to provide the name (of the cookie)!

    <forms loginUrl="Login.aspx" protection="All" timeout="60000" name=".aName" slidingExpiration="true" />

    And also make sure that you'll have a machinekey in the web.config, as I've said before, otherwise everytime the application recycles you're logged out also!

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, November 13, 2007 11:03 PM
  • User-778692258 posted

    hans is king!!! LOL

     he sent me the following "dumbed down" web.config.  I changed the appropriate sections (like rolemanager and the forms section) and it works like a charm!  Thank you so much for the help.  I had totally given up on this ever working and my faith has been restored! LOL

     

     

    <?xml version="1.0"?>
    <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    
      <connectionStrings>
    		<add name="AccessFileName" connectionString="~/App_Data/ASPNetDB.mdb" providerName="System.Data.OleDb"/>
    	</connectionStrings>
    
      <system.web>
        <machineKey
          validationKey='466E50333AF2EE430A5AC8C215AE68E00B11D41076481702BAA875ED35ACDA2BD31F754C205191B6413A0D4882E1F595691920D1C9FE74462F1F3459B18DAEF8'
          decryptionKey='88012DD1114FCA6DBFB107B2EA5C2CEB201996E12C2FCD34'
          validation='SHA1'/>
    
        <membership defaultProvider="AccessMembershipProvider">
    			<providers>
    				<clear/>
    				<add name="AccessMembershipProvider" type="Samples.AccessProviders.AccessMembershipProvider, ASP.NET_Access_Providers" connectionStringName="AccessFileName" enablePasswordRetrieval="false" enablePasswordReset="false" requiresUniqueEmail="true" requiresQuestionAndAnswer="false" minRequiredPasswordLength="5" minRequiredNonalphanumericCharacters="0" applicationName="/" hashAlgorithmType="SHA1" passwordFormat="Hashed"/>
    			</providers>
    		</membership>
    
        <roleManager enabled="true" defaultProvider="AccessRoleProvider" cacheRolesInCookie="true" cookieName=".ASPXROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All">
    			<providers>
    				<add name="AccessRoleProvider" type="Samples.AccessProviders.AccessRoleProvider, ASP.NET_Access_Providers" connectionStringName="AccessFileName" applicationName="SampleSite"/>
    			</providers>
    		</roleManager>
    
        <compilation debug="true">
    			<assemblies>
    				<add assembly="System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
    				<add assembly="System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    				<add assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    				<add assembly="System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
    				<add assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
    				<add assembly="System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
    				<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    				<add assembly="System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    			</assemblies>
    		</compilation>
    
        <authentication mode="Forms">
    			<forms loginUrl="Login.aspx" protection="All" timeout="60000" name=".ASPXAUTH" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseCookies" enableCrossAppRedirects="false"/>
    		</authentication>
    
      </system.web>
    
    </configuration>
     
    Tuesday, November 20, 2007 7:31 PM