Why is my ASP.NET MVC persistent auth cookie not working?
Solution 1
Solved from comment from @alexl:
you can check this answer: Making user login persistant with ASP .Net Membership
Ok, this link seemed to sort it for me - sticking with SetAuthCookie and tweaking my config to explicitly set the cookie name (in the web.confg), and all is working now. Weird! –
Solution 2
I'd better create myself a cookie using authentication ticket.
SetAuthCookie
creates an auth ticket under the hood. Have you tried making your own auth ticket? It will let you store extra data on it.
Here's an example :
// create encryption cookie
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
userName,
DateTime.Now,
DateTime.Now.AddDays(90),
createPersistentCookie,
string.Empty);
// add cookie to response stream
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
System.Web.HttpCookie authCookie = new System.Web.HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
if (authTicket.IsPersistent)
{
authCookie.Expires = authTicket.Expiration;
}
System.Web.HttpContext.Current.Response.Cookies.Add(authCookie);
Hope this helps.
Matt Roberts
Updated on January 18, 2020Comments
-
Matt Roberts over 4 years
I'm using ASP.NET MVC 3, with forms authentication (based on modified vanilla account code you get with file->new).
When you login, I am setting an auth cookie with
FormsAuthentication.SetAuthCookie(userName, true);
So this should set a persistent cookie. But if I close the browser and re-open, when I browse to the site I am forced to log in again! I can see using chrome dev tools that the cookie (.ASPXAUTH) is being created and not being deleted when I close the browser, so what's happening?
My web.config:
<authentication mode="Forms"> <forms loginUrl="~/Account/LogIn" timeout="10000"/> </authentication>
I'm testing this locally, under IIS if that makes any difference.
-
Matt Roberts over 12 yearsThanks. So I shouldn't use SetAuthCookie at all? The MSDN documentation tells me to use that to create an auth cookie which can be persistent. Also, the vanilla code for a new MVC app uses SetAuthCookie - is that wrong?
-
Tomasz Jaskuλa over 12 yearsSetAuthCookie() is doing globally the same. It's just weird because it seems it doesn't work all the time. I prefer to create myslef an authentication ticket and add it to the response stream.
-
Tomasz Jaskuλa over 12 yearscheck also the link @alexl posted as a comment to your question.
-
Matt Roberts over 12 yearsSeem to have it working now (see comment on question), using SetAuthCookie. Thanks.