I have a standard ASP.NET MVC (RC Refresh) web project, with the standard ASP.NET Membership provider and the Account controller that is included in the project template.

When I check "Remember me" in my Login form, I am still not being remembered by the site. (Firefox remembers my username and password, but what I expected to happen was to be automatically logged on).

Do I have to set and check the cookie manually? If so, how should it best be done?

+1  A: 

You need to generate a persistent cookie in the controller method that handles logon when the Remember Me box is checked. If you are using RedirectFromLoginPage, set the createPersistentCookie argument to true.

tvanfosson
I now create the cookie with the following code.

if (rememberMe)
{
    HttpCookie cookie = FormsAuthentication.GetAuthCookie(userName, true);
    cookie.Expires = DateTime.Now.Add(new TimeSpan(30, 0, 0, 0));
    Response.Cookies.Add(cookie);
}

How do I check if there is a valid cookie with the request?
Tomas Lycken
I think if you get a valid session cookie, the user will be set in the HttpContext and they won't be directed to your logon page by the AuthorizationAttribute.
tvanfosson
+7  A: 

You need to pass true/false to the SetAuthCookie method.

public ActionResult Login(string email, string password, bool rememberMe, string returnUrl)
{
    // snip

    FormsAuth.SetAuthCookie(username, rememberMe); // <- true/false

    // snip
}

and make sure that bool rememberMe reflects the status of the checkbox on your login page.

Todd Smith
I did this, with the immediate effect that when I log in, close the browser, re-open it and browse to the site, I am instantly logged in again - even if I'm not trying to view pages that require me to be. Is this the way it's supposed to be, or am I making it too easy for me?
Tomas Lycken
The createPersistentCookie of SetAuthCookie is causing a cookie to be saved on the user's system which keeps them logged in. So yes, this is what that parameter does. There are two other items which control logins which are "Session timeout" and "Authorization timeout".
Todd Smith
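
An added example, not code from the posters or the project template: the ticket is issued by hand so that the 30-day lifetime mentioned in the comments is carried inside the encrypted ticket as well as on the cookie, and an incoming request is checked for a ticket that decrypts and has not expired. The class name, the method names and the 30-minute non-persistent lifetime are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example; RememberMeCookie, Issue and HasValidTicket are hypothetical names.
public static class RememberMeCookie
{
    // 30 days as in the thread; the 30-minute session lifetime is an assumption.
    private static readonly TimeSpan PersistentLifetime = TimeSpan.FromDays(30);
    private static readonly TimeSpan SessionLifetime = TimeSpan.FromMinutes(30);

    public static void Issue(HttpResponseBase response, string userName, bool rememberMe)
    {
        DateTime now = DateTime.Now;
        DateTime expires = now.Add(rememberMe ? PersistentLifetime : SessionLifetime);
        // The expiry the server enforces lives inside the encrypted ticket,
        // so it is set here and not only on the cookie.
        var ticket = new FormsAuthenticationTicket(
            1, userName, now, expires, rememberMe, string.Empty,
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // follows requireSSL in web.config
            Path = FormsAuthentication.FormsCookiePath
        };
        // Only a persistent cookie gets an Expires date; without one the
        // browser drops the cookie when it closes.
        if (rememberMe) cookie.Expires = expires;
        response.Cookies.Add(cookie);
    }

    // True when the request carries a ticket that decrypts and has not expired.
    public static bool HasValidTicket(HttpRequestBase request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return false;
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            return ticket != null && !ticket.Expired;
        }
        catch (Exception)  // tampered or undecryptable cookie value
        {
            return false;
        }
    }
}
```

In normal operation the forms authentication module performs this validation on every request and Request.IsAuthenticated reflects the result; the explicit check only makes that step visible.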