C# - FormsAuthenticationTicket Expires Too Soon
Feb 3, 2011
This is my function that is called when a login is successful. (I am very new to this FormAuthentication thing)
public static void CreateLoginCookie(User u)
{
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(u.Id.ToString(), true, 9*60);
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket) { Expires = DateTime.Now.AddHours(9) };[code]....
I want the user stay logged in for 9 hours, but it doesn't work. They get logged out after an hour or two.
Could someone tell me what I am missing?
View 1 Replies
Similar Messages:
Feb 13, 2010
I'm using Forms authentication in my application but I'm not using the Membership that's built into .NET.
How do I automatically send user to login page when his/her FormsAuthenticationTicket expires? I just don't want a user log in and leave a page on their computer screen long after their session has expired. I'd like to make sure that as soon as the user's
FormsAuthenticationTicket has expired, I send them to login page.
View 1 Replies
Mar 23, 2010
when i read msdn.
i saw 2 things token and formsauthentication ticket..
can anybody tell me the Difference between token and FormsAuthenticationTicket ?
View 15 Replies
Mar 13, 2010
I'm trying to dynamically create a url containing a FormsAuthenticationTicket that can then be emailed to a user who has forgotten their password. Then when the user follows the url they will be authenticated by the ticket in the url and be able to access the reset password page
I have tried creating a FormsAuthenticationTicket object and encrypting it but the string it produced seems way longer than the hash in the urls produced when using cookieless authentication.
What I want to do is produce a url say
eg. http://www.mysite.com/lkdjlkj_hashcode_lkoiojiionki/reset.aspx
that will be recongnised by cookieless authentication. But as I said the hash I come up with seems way to long and just not right at all.
you can see how long and different it is here by pressing the forgot password button..
[URL]
it says in the docs for FormsAuthenticationTicket that the encrypted ticket can be stored in a url. but I want to make it the same as those used by cookieless authentication so that it is recognised straight away.
View 3 Replies
Nov 18, 2010
My website has a payment page from where the wesite is redirected to paypal.com and after the payment is processed will be returned to my wesite.... But problem is that " when the payent is made and redirected for the first time from any browser the AuthenticationTicket is getting expired. this is only for the first time but after that it works fine". can any help me with this issue driving me crazy.. and also i hate set the expiration time for 7 days....
View 2 Replies
Feb 22, 2010
The thing is that in my web application user login form (FormsAuthenticationTicket) and a session variable which does not expire on time together ..!
I have a login page where I make a FormsAuthenticationTicket and a session ...
My problem after a little time out my session, but my FormsAuthenticationTicket not do it ..
Can I somehow do that when my session expires varbial so FormsAuthenticationTicket also will expired ..
Here in my login page and logout:
[Code]....
View 1 Replies
Dec 20, 2010
I'm implementing an authentication timeout detection mechanism per a previous question and answer of mine here. I've implemented an HTTP module that uses the AuthenticateRequest event to run code to capture whether the authentication period has expired. The code to do this is below:
public class AuthenticationModule : IHttpModule
{
#region IHttpModule Members
void IHttpModule.Dispose() { }
void IHttpModule.Init(HttpApplication application)
[Code]....
The problem is that, once the authentication period has expired (I set it to 1 min to test), there is no longer a forms cookie (see comment in code). This means that the authentication cookie will be null, and I won't make it past the null check in my code. But there's a convenient "Expired" property for a FormsAuthenticationTicket that I feel like I should be checking to see if the period is expired. But how do I get that far if the cookie is no longer there? Is it reasonable to assume the authentication period has expired if there's no longer a forms cookie?
View 1 Replies
Feb 19, 2010
I'm not using the Membership framework built into .NET but I'm using FormsAuthenticationTicket to make sure user is logged in. I have an object for my users in my application -- let's call it MyAppUser object. Can I save this in the FormsAuthenticationTicket as opposed to saving some string?
If I can't do that, I can save the object in session but I'm a little worried that session and FormsAuthenticationTicket will get out of synch.
View 1 Replies
Sep 21, 2010
when a user logins into my site i create the following authenticate ticket:
// Create the authentication ticket
var authTicket = new FormsAuthenticationTicket(1, // Version
userName, // Username [code]...
The problem i have is that if an administrator changes a user's role or time zone then the next time they return to the site their ticket is not updated (if they selected remember me when logging in).Here's my authentication settings incase it helps:
<authentication mode="Forms">
<forms timeout="10080" slidingExpiration="true" />
</authentication>
<membership userIsOnlineTimeWindow="15" />
I've been reading up on slidingExpiration but as far as i can tell it only increases the expiration time and doesn't renew the contents of the cookie.
View 1 Replies
Apr 27, 2010
I assume that any Role information is being stored in the FormsAuthenticationTicket in the UserData (delimited by some character).Second, I assume that any information in the Profile is not stored in memory / session anywhere, but when you do call the profile.VARIABLE, you are in fact doing a call to the DB (although it's simplified by the fact that it knows who you are when calling etc).Assuming the above is correct, I'm trying to complete a custom membership provider. As part of this each user will have a single role. So using a full blown role provider seems to be overkill. I assume that I can write the single role into the UserData in the FormsAuthenticationTicket myself?I would like to also store a number of other small bits of information in the ticket (such as a GroupId, VendorId which are seperate from the user / role). If I wanted to do this, and the role is held in the userdata, how would I identify what is a role and what is someother persistant data I need on the application?I could use Session items for these, but this might cause issues with the web-farm, plus the amount of data is very small (3 or 4, int32 values and maybe one string).Finally, items such as Address, PostCode, Contact Phone number all seem sensible items to place in the profile ( I'm using the table provider). Is the advantage here purely the ease of access? This isn't commonly used data, so if there is a round trip to the db thats not an issue really in this instance
View 4 Replies
Feb 1, 2011
I'm am building an web application that needs to be able to scale.We want to store, an connection string, an object that says what organization the user is working on right now and the identity of the user.
We could serialize down this and send through the userdata property in the FormsAuthenticationTicket, but that feels to not be the optimal solution, cause its is 4-5 strings of data that is unncessesary, but the main issue is that we are sending an encrypted connectionstring to the user which we dosent want to.
So what are our options?Can ASP.NET Cache be our solution?, can we couple the expiration of the asp.net cache and the formsauthenticationcookie?
View 2 Replies
Jan 19, 2010
I'm authenticating my users using the following code for the login event:
[Code]....
The following code runs in global.asax at Application_AuthenticateRequest:
[Code]....
Everything works great so far. Next thing that I need to do is add additional user information to the forms authentication ticket using user profile. When I try to add it right after the login code above, I end up getting an error message about anonymous profile. On the other hand, HttpContext.Profile is read only and doesn't seem to work. Is there any workaround for this?
View 2 Replies
Apr 30, 2010
I have a web application developed using VB .Net 2003, and is running ASP Net 1.1.
The application is running fine on all browser, except for the login/authentication control that doesn't work properly on Chrome.
We have different types of users using the website, and each user type has different menu items displayed for.
The problem is, if a user logs on with let's say Admin account, and logs off and later logs on again using student account, the user still gets the Admin menu, and of course vice versa.
I'm not sure if I'm doing something wrong, or there is something I'm missing here.
On more thing, if the timeout period reached, and the session was timed out , and the user (regardless of the type) tries to log on again, he is successful on all browser except on Chrome again!, where it keeps telling the session was timed out, and never logs on again until clearing the cookies.
This is what i have in my application web.config
<!-- Authentications -->
authentication mode="Forms">
<forms loginUrl="index.aspx" name="authCookie" protection="All" timeout="60" path="/"></forms>
</authentication>
[Code]....
View 2 Replies
Dec 20, 2010
I'm trying to check the Expired property of the user's current FormsAuthenticationTicket to see if the authentication period has expired. But when the period has expired, I'm never able to get enough information to even create the ticket to check. I've tried this:
FormsIdentity id = (FormsIdentity)User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;
But User is null when the authentication period has expired. So that won't work. I've tried this:
HttpCookie authCookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
But the Forms Cookie is gone when the authentication period has expired, meaning authCookie will be null. So that doesn't work.
Is there any way to actually get the FormsAuthenticationTicket object when the authentication period has expired? There must be, because there's an "Expired" property in the object.
View 2 Replies
Jan 7, 2010
I have a testproject and the forms timeout specified in web.config overrules the timeout which I set in FormsAuthenticationTicket. According the documentation, the timeout (expire date) in FormsAuthenticationTicket must override the timeout in web.config.
Documentation found on:
[URL]
[Code]....
Here is my code:
Web.config:
[Code]....
Login.aspc.cs:
[Code]....
Now, when I login, i get redirected after 1 minute of inactivity. This isn't supposed to happen, right? I have to be redirected after 2 minutes.
View 1 Replies
Aug 2, 2010
I have implemented my own custom MembershipProvider with a custom data store. No problems so far. I would like for people to login using their email instead of a username. Because I have my own data store, this is not a major issue, I can just pass the email as the username for the MembershipProvider.
My question is, how do I store additional custom user data along in the FormsAuthenticationTicket? I want to store a couple of things that will never change, such as their UserId, First/Last Name and Country. I started looking into creating FormsAuthenticationTicket with the UserData, but quickly got confused. How do I store multiple things into this UserData, and how do I easily read this data back on every single ASP.NET MVC2 page. I found many samples, none that really seemed that great in terms of MVC2. There has to be a simple way to do this.
It would make no sense to read the UserId, First/Last Name and the Country from a database on each and every request because it would never change. Plus, while I want the user to login using their email, I'd want to store their UserId in the auth cookie so that it can be used in nearly every user related database query rather than the email (because in all the tables, the user data is stored along with the UserId - not the email because technically the email could be changed - I already figured that stuff out when it comes to the MembershipProvider).
What is the best practices for storing additional user data like this in ASP.NET MVC2?
View 7 Replies
Oct 27, 2010
I am using forms authentication in asp.net application. This is working fine in internet explorer. Opening application in firefox is also fine but when i login in second instance of firefox, application in first instance logs out. Following is my code for creating ticket and cookie.
FormsAuthenticationTicket objTicket = new
FormsAuthenticationTicket(1, sUserName,
DateTime.Now,
DateTime.Now.AddMinutes(60),
false,
"");
HttpCookie objCookie = new
HttpCookie(FormsAuthentication.FormsCookieName);
objCookie.Value = FormsAuthentication.Encrypt(objTicket);
objCookie.Expires = DateTime.Now.AddHours(1);
HttpContext.Current.Response.Cookies.Add(objCookie);
View 1 Replies
Jan 13, 2010
I want to know page name when session expires so that I redirect user to that page after relogin. I am checking session in Master page's page load event
View 4 Replies
Jul 13, 2010
I'm wanting to show a video when a person comes to the site and doesn't have a cookie. After they see the video, a cookie is added, but when the cookie expires, the video is played again.
if (Request.Cookies["x"] != null)
{
//do nothing
}
else
{
ModalPopupExtender1.Show();
Response.Cookies["x"].Value = DateTime.Now.ToString();
Response.Cookies["x"].Expires = DateTime.Now.AddHours(24);
}
I would think this would work correctly, however the movie only shows if the browser is cleared of all cookies. 24hrs later the movie will not play.
View 2 Replies
Nov 16, 2010
I am using Session variable throughout in my application and my timeout is 1 hour. Here I need to catch the exception for session expires in any global way across my application.
View 3 Replies
Feb 8, 2010
How to write to a file the content of cache when Cache expires.
View 1 Replies
Aug 16, 2010
I want to display a pop up when the session expires. I'm using the MVC 1 and jquery. I've some .aspx and some .ascx pages.
How do i achieve that? Right now, the application redirects to Login page. But before login page shows up, i want to display the message.
View 1 Replies
Aug 18, 2010
How does session expires when the browser is closed?
View 4 Replies
Aug 29, 2010
i want your opinion about the
Response.AddHeader("Refresh", Convert.ToString((Session.Timeout * 60) - 20))that i have seen in some sites that is used for refresh the page every time a little bit before the session expires
View 5 Replies
Aug 2, 2010
i host my web site into a shared hosting and i need to set expiration header using iis but i didn't find my hosting allow this feature so , is there any way to set it into my web configuration or into my code ??
View 2 Replies
