Remember me functionality in ASP.NET Form Authentication doesn't work

I'm using ASP.NET forms authentication for logging users into a website we're developing.

Part of the functionality is a "Remember me" checkbox which remembers the user for a month if they check it.

The code for logging the user in is as follows:

public static void Login(HttpResponse response, string username,
  bool rememberMeChecked)
{
  FormsAuthentication.Initialize();
  FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(1, username, DateTime.Now,
    DateTime.Now.AddMinutes(30), rememberMeChecked,
    FormsAuthentication.FormsCookiePath);
  HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(tkt));
  ck.Path = FormsAuthentication.FormsCookiePath;

  if (rememberMe)
    ck.Expires = DateTime.Now.AddMonths(1);

  response.Cookies.Add(ck);
}

The relevant section in the web.config is this:

<authentication mode="Forms">
  <forms loginUrl="Home.aspx" defaultUrl="~/" slidingExpiration="true" timeout="43200" />
</authentication>

This logs the user fine but logs them out after half an hour if they don't use the site, although its persistence property (rememberMeChecked) is set to true and if it is true, the cookie is set to expire after a month. Is there something I'm missing here?

Thanks in advance, F

Is form authentication deprecated?

Microsoft will deprecate Basic Authentication effective October 1, 2022.

Which namespace allows us to use forms authentication?

Web. Security namespace provides assorted methods for logging in and logging out users via the forms authentication system.

What is form authentication in ASP.NET with example?

Form authentication is cookie based, as ASP.NET places a cookie in the client machine in order to track the user. If the user requests a secure page and has not logged in, then ASP.NET redirects him/her to the login page. Once the user is authenticated, he/she will be allowed to access the requested page.

It looks like your authentication ticket is still configured to expire after half an hour, even if the cookie itself expires in 30 days. You probably have to extend the ticket's lifetime too:

public static void Login(HttpResponse response, string username,
    bool rememberMeChecked)
{
    DateTime expiration = DateTime.Now.AddMinutes(30);
    if (rememberMe) {
        expiration = DateTime.Now.AddMonths(1);
    }

    FormsAuthentication.Initialize();
    FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(1, username,
        DateTime.Now, expiration, rememberMeChecked,
        FormsAuthentication.FormsCookiePath);

    HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName,
        FormsAuthentication.Encrypt(tkt));
    ck.Path = FormsAuthentication.FormsCookiePath;
    response.Cookies.Add(ck);
}

Remember me functionality in ASP.NET Form Authentication doesn't work

Tags:

c#

forms-authentication

remember-me

Michael

People also ask

1 Answers

Frédéric Hamidi

Recent Activity

Donate For Us

Remember me functionality in ASP.NET Form Authentication doesn't work

Tags:

c#

forms-authentication

remember-me

Michael

People also ask

1 Answers

Frédéric Hamidi

Related questions

Recent Activity

Donate For Us