ASP.NET MVC RememberMe

Question

After searching a lot i did not get any answers and finally i had to get back to you. Below i am explaining my problem in detail. It\'s too long, so please don\'t quit readi

Answer 1

That's not a problem, it's a feature :)

The user's session hasn't expired yet so, even if they close and reopen the browser, the cookie is still good.

It's the cookie's expiration that invalidates the user's session.

Answer 2

Just a quick note about using membership auth ticket in a shared environment for anyone who may land here with that issue. I've got an mvc site runnig at godaddy and had trouble with remember me. This was the solution:

<system.web>
<machineKey
  validationKey="4C6404A3B305CD6E8CFEAC258F042FB95E45E9C3C2CEC3AAB838996CFBE661E41DF1A1BAC75B9B45E02147612FD9B71CA74DDA50B0D0D6ED11F0BB8E31048953"
  decryptionKey="BC471CF17A97B08A9DF85C7B502AD95680E3BE4418FD9C6CEA57E7F97ED64291"
  validation="SHA1" decryption="AES"
/>

Thanks to : http://www.geekfreeq.com/aspnet-remember-me-option-forms-authentication-not-working/

Answer 3

What you want to do is have a different timeout when the RememberMe option is checked, than when it is unchecked. Unfortunately, the SetAuthCookie method does not allow you to set the expiration manually, so you'll have to do that yourself.

The problem is then, how to do that?

ASP.NET MVC uses the FormsAuthentication class of System.Web.Security to do that, because it's not trivial if you also want to support the configuration settings and cookieless browsing and SSL, but I think that if you simply do this:

int timeout = rememberMe ? 525600 : 30; // Timeout in minutes, 525600 = 365 days.
var ticket = new FormsAuthenticationTicket(userName, rememberMe, timeout);
string encrypted = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
cookie.Expires = System.DateTime.Now.AddMinutes(timeout);// Not my line
cookie.HttpOnly = true; // cookie not available in javascript.
Response.Cookies.Add(cookie);

...you'll get a basic version of what you need.

NOTE: I did not test this code.

Answer 4

Kevin and Dave,you guys rock, man.

Dave, in addition to your code i had to add one more line to make it work. I mean to make it remember for at least one year. I had to assign value to cookie.Expires in addition to your code to make it work. If this line cookie.Expires is not set the cookie is lost after computer restart i mean at the end of the session. I noticed this in FireFox. I Went through the details of cookie and i found: If cookie.Expires is not set then value for "Expires:" attribute in Firefox is "At the end of the session" but if cookie.Expires is set then the value for "Expires:" attribute in Firefox is to the datetime the cookie.Expires value was set.

Here is the code:

int timeout = createPersistentCookie ? 525600 : 2; // Timeout in minutes,525600 = 365 days
var ticket = new FormsAuthenticationTicket(userName,createPersistentCookie,timeout);            
string encrypted = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
cookie.Expires = System.DateTime.Now.AddMinutes(timeout);//My Line
HttpContext.Current.Response.Cookies.Add(cookie);

Thank you guys, that was really a great solution.

Answer 5

I had implemented same thing and when i test it it works fine in Mozila but not working in IE8 for all pc, i also had updated setting to accept cookies in IE but still not working.

Internet Explorer 8.x

1. Click on the Tools-menu.
2. Select Internet Options in the menu - a new window opens.
3. Click on the Privacy tab near the top of the window.
4. Click on the Default button of the window.
5. Move the slider so that it is on one of the levels below Medium High (including Medium, Low, Accept All Cookies).
6. Save changes by clicking OK.
7. You should be able to add items to your shopping cart now.