Organizational Research By

Surprising Reserch Topic

authentication session cookie deleting after browser close using -',authentication,session,cookies,persistent'

authentication session cookie deleting after browser close  using -',authentication,session,cookies,persistent'

What are the exact steps required for a cookie to persist after a browser is closed? At the moment I have:

createPersistentCookie set to true on LoggedIn event.
MachineKey specified.
Forms sliding expiration set to true.

As long as the browser is open, the user will stay logged in, but as soon as it's closed, and it doesn't matter for how long, the user will need to log in again. What am I missing?

I went through the article pointed out by marapet (see comments below) and it made me interested in whether the ticket does indeed have IsPersistent flag, which it does. The decrypted ticket looks like this:
CookiePath: "/"
    Expiration: {19/08/2010 17:27:14}
    Expired: false
    IsPersistent: true
    IssueDate: {19/07/2010 17:27:14}
    Name: "alex"
    UserData: ""
    Version: 2
All the details are correct, and correspond to those I set in LoggedIn event. More over the cookie value I can retrieve from the cookie directly, is identical to this one. Yet as soon as I close the browser, the cookie is lost.

What I have noticed, however, is that the cookie carrying the ticket has it's date reset for some reason. Firstly I can't override settings in web.config, so at the end of LoggedIn event it's Expires property is 4000 minutes after issue date, not a month which I am setting programmatically. Then after page load the cookie I retrieve with FormsAuthentication.FormsCookieName has Expires property of 01/01/0001. I think perhaps this is where the problem lies? Any thoughts would be appreciated.

I am changing both title and tags to include session, as it turned out to be relevant for the problem/solution

asked Sep 7, 2015 by rajesh
0 votes

Related Hot Questions

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.
Anti-spam verification:
To avoid this verification in future, please log in or register.