tags:

views:

438

answers:

2
+1  Q: 

How to update last login date if "Remember Me" set?

When a user logs in to my site, the date of the visit is stamped in the database (User table). This is handled by the (custom) membership provider. However, if the user checks the "Remember me?" option when logging in, they are (naturally) not prompted to log in on subsequent visits. As the membership provider is not employed in this situation, the last login date is not updated in the database.

Using forms authentication, how can I ensure that the last login date is updated on each new visit to the site, rather just when they physically log in? Is there any event I can hook into to achieve this?

I can't use session state, as it is completely disabled in the web site I'm developing (the session module has been removed).

Thanks

+1  A: 

I'm assuming that you are using cookies (I can't see how the "Remember me" would work otherwise).

When a user logs-in, set two cookies, one permanent (if Remember Me is checked) and one temporary (this session-only). The second is what you use to authorize the user.

So, on a page where a user needs to be logged in, look for the session cookie. If found, continue as normal. If not found, look for the permanent cookie, if found, look the user in, set the log-in date, and set the session cookie. (If the permanent cookie isn't found, he just not logged in).

James Curran  2009-03-25 14:55:08
I went with a variation on this: I create a non-persistent cookie when the user first authenticates. Subsequent authentication requests are intercepted and, if the cookie does not exists, it is created and the last login dat updated.
Milky Joe  2009-03-25 15:50:31
A: 

Assuming you are talking about ASP.NET 2.0 (given the membership provider comment).

Wherever you are checking the cookie to see if the user should be autologged in, you should call out to the membership provider's GetUser function which takes a boolean to update the user's activity date.

Per the MSDN docs:

MembershipProvider.GetUser Method

Takes, as input, a unique user identifier and a Boolean value indicating whether to update the LastActivityDate value for the user to show that the user is currently online. The GetUser method returns a MembershipUser object populated with current values from the data source for the specified user. If the user name is not found in the data source, the GetUser method returns null (Nothing in Visual Basic).

David Archer  2009-03-25 14:56:00
Thanks for the prompt reply. I am using ASP.Net 3.5. I am not checking the cookie myself - .Net is dealing with it automatically. I don't know how/where to hook into the step where .Net performs its cookie checks.
Milky Joe  2009-03-25 15:10:53

related questions

Store user id in Principal or Identity? ASP.Net/OpenID.
Converting Single DB ASP.NET Site into MultiTenant - Membership and Roles Dilema
customize asp.net membership by changing "userid" type to integer
ASP Membership cannot handle encrypted connection strings in web.config
what is the best way to make some pages in asp.net require login?
Looking for a Yahoo Groups (CMS) replacement
Why should I Use ASP.NET Membership security model?
ASP.NET: Does implementing a custom MembershipProvider class needs you to implement a custom Membership class too?
How to set the Principal in an ASP.Net app
How can you test if an ASP.NET membership password will meet configured complexity requirements?
ExpressionEngine Multiple Site Manager and Member Groups
Locking out a user in an ASP .Net Custom Membership Provider
ASP.NET Application to authenticate to Active Directory or SQL via Windows Authentication or Forms Authentication
Not using e-mail address in a custom MembershipProvider?
How to get current user in Asp.Net MVC
programmatic login with .net membership provider
ASP.NET Forms Authentication With Only UserName
Unit test Custom membership provider with NUnit throws null reference error
How to access UserId in ASP.NET Membership without using Membership.GetUser() ?
How can I wire users with their respective folders in ASP.NET?
Grabbing Users with a specific value in their profile
How do you pass an authenticaticated session between app domains
What's the best way to authenticate over WCF?
Memcached chunk limit
ASP.NET Site Maps