locked
Remember me / Remember me NOT RRS feed

  • Question

  • User-708344877 posted

    Okay, I've been all over this site, and all over the Internets trying to figure out why that stupid "remember me" box doesn't remember me for more than 20 minutes or so.  It seems that no matter what I do, the persistence is no more than a session-type implementation.  I've added the following to my web.config in the <system.web> section:

    <authentication mode="Forms">
    <
    forms cookieless="UseCookies" domain="dallaspistol.com" />
    </
    authentication>

    In an effort to force the use of persistent cookies.  Nada. Nothin'. Zip.  20-30 minutes, and it's login-again-time.  That sucks. 

    In Login.aspx, I've set the RememberMeSet attribute to "true" in the Login control (<asp:Login ID="Login1" runat="server" RememberMeSet="true">).  Again, no change in behavior.

    This seems like a simple thing to do, but darned if I can figure it out.  I want the "Remember Me" to work until I explicitly log out, period.  Remember me for forever, or even a couple of weeks, or something. 

    Surely I'm missing something simple.  I throw myself on the mercy of this forum.  Help.

    jr

    Friday, July 7, 2006 10:45 AM

All replies

  • User654902800 posted

    There was a weird change in 2.0 - details here:

    http://weblogs.asp.net/scottgu/archive/2005/11/08/430011.aspx

    Baiscally the difference between remember me, and not remember me, is that 'remember me' will survive a browser restart. So you can set the timeout to some long value per the above article. What is weird though is that means the session timeout (for those who do not choose remember me) will be that same length, as long as they keep the browser running. You might like that, you might not. I always thought it was a good idea to time somebody out pretty fast if the browser was idle and they had not asked for a persistent cookie. To do that now you have to mess with the auth code a bit (again see that article).

    Friday, July 7, 2006 12:21 PM
  • User-708344877 posted

    Yeah, it looks like the timeout parameter did the trick.  It's a little less convenient than the old way of setting an expiration date for the cookie (which, IMHO, makes a lot more sense).  But I don't run a multi-bazillion dollar corporation, do I?

    Thanks a lot - great reference, too.

    jr

    Friday, July 7, 2006 1:01 PM
  • User654902800 posted
    Brilliant avatar, JimBob :)
    Friday, July 7, 2006 2:13 PM