Hi. I changed over from the in process membership provider to the sql membership provider to stop people losing their sessions when the website process recycled, but sessions still seem to time out.
Are there any other things (apart from the session timeout variable set in the web.config) that would cause a session to timeout when using sql membership provider. I want the session to persist even when the user closes and opens the browser. Must I do anything special to do that?
I don't think it is possible to persist a session after closing a Window. The user account is indexed by a session cookie and this is deleted when they close the window.
What you could do is to store user profile information and restore it when they log in or otherwise identify themselves (e.g. normal cookies).
Oh. That sucks. So will I have to store/read this to/from the cookie manually or is there any way to tell the ASP.NET forms login system to use persistent cookies? I vaguely remembering seeing a 'Remember Me' check box in one of the login user controls. Is this just UI fluff or is there some implementation behind it?
With persistent cookies ('the remember me checkbox'), the user is logged in by 3 days. If you want to make this window bigger, you'll need to build it yourself.
You're confusing session (which by its nature expires and should be for transient data only applicable to a single session) and profiles. You can use the membership database features of ASP.NET to set persistent settings, but they will only reappear if a user remains logged in.
However ... there is also anonymous identification. You can enable this in web.config
<anonymousIdentification enabled="true"/>
And then mark your profile settings as available to an anonymous user;
<profile>
<properties>
<add name="Name" allowAnonymous="true" />
</properties>
</profile>
The anonymous cookie lasts for about 70 days. If you decide to support registration and full blown membership you'd need to move the anonymous settings to a user's settings when they register.