current community

your communities

more stack exchange communities

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 6 down vote favorite

I'm using ASP.NET MVC 3, with forms authentication (based on modified vanilla account code you get with file->new).

When you login, I am setting an auth cookie with 

FormsAuthentication.SetAuthCookie(userName, true);

So this should set a persistent cookie. But if I close the browser and re-open, when I browse to the site I am forced to log in again! I can see using chrome dev tools that the cookie (.ASPXAUTH) is being created and not being deleted when I close the browser, so what's happening?

My web.config:

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogIn" timeout="10000"/>
</authentication>

I'm testing this locally, under IIS if that makes any difference.

share|improve this question
1  
you can check this answer: stackoverflow.com/questions/682788/… –  alexl Jan 13 '12 at 14:51
1  
Ok, this link seemed to sort it for me - sticking with SetAuthCookie and tweaking my config to explicitly set the cookie name (in the web.confg), and all is working now. Weird! –  Matt Roberts Jan 13 '12 at 15:20
    
@Matt Roberts - I have no idea why but setting the cookie name fixed it for me too. You'd think it'd just work with the cookie being domain specific etc. Is this a bug in MVC or .NET maybe? –  Greg May 4 '12 at 22:38
add comment

2 Answers 2

up vote 4 down vote

I'd better create myself a cookie using authentication ticket. SetAuthCookie creates an auth ticket under the hood. Have you tried making your own auth ticket? It will let you store extra data on it.

Here's an example :

// create encryption cookie         
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, 
        userName, 
        DateTime.Now,
        DateTime.Now.AddDays(90),
        createPersistentCookie, 
        string.Empty);

// add cookie to response stream         
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);    
System.Web.HttpCookie authCookie = new System.Web.HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
if (authTicket.IsPersistent) 
{     
      authCookie.Expires = authTicket.Expiration; 
}
System.Web.HttpContext.Current.Response.Cookies.Add(authCookie);

Hope this helps.

share|improve this answer
    
Thanks. So I shouldn't use SetAuthCookie at all? The MSDN documentation tells me to use that to create an auth cookie which can be persistent. Also, the vanilla code for a new MVC app uses SetAuthCookie - is that wrong? –  Matt Roberts Jan 13 '12 at 14:54
    
SetAuthCookie() is doing globally the same. It's just weird because it seems it doesn't work all the time. I prefer to create myslef an authentication ticket and add it to the response stream. –  Thomas Jaskula Jan 13 '12 at 15:01
    
check also the link @alexl posted as a comment to your question. –  Thomas Jaskula Jan 13 '12 at 15:07
    
Seem to have it working now (see comment on question), using SetAuthCookie. Thanks. –  Matt Roberts Jan 13 '12 at 15:20
add comment
up vote 1 down vote accepted

Solved from comment from @alexl:

you can check this answer: Making user login persistant with ASP .Net Membership

Ok, this link seemed to sort it for me - sticking with SetAuthCookie and tweaking my config to explicitly set the cookie name (in the web.confg), and all is working now. Weird! –

share|improve this answer
add comment

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.