asp.net mvc - Cookie expires or session timeout too soon -



asp.net mvc - Cookie expires or session timeout too soon -

i have code run when user authorized:

formsauthenticationticket authticket = new formsauthenticationticket( 1, email, datetime.now, datetime.now.addminutes(120), true, userdata); string encticket = formsauthentication.encrypt(authticket); httpcookie facookie = new httpcookie(formsauthentication.formscookiename, encticket); facookie.expires = authticket.expiration; response.cookies.add(facookie);

i redirect controller/action has authrize attribute:

[authorize] public class productscontroller : controller {

i have next in web.config:

<authentication mode="forms"> <forms loginurl="~/home/unauthorized" timeout="2880" /> </authentication> <sessionstate timeout="120"></sessionstate>

however users complaining of session timing out or redirecting home/unauthorized after couple of mins of inactivity.

what causing this, else should check?

a couple of thoughts before go possible solution of why logins expiring. first, formsauthentication cookie , sessionstate 2 different things completely. can have 1 or other, or both or neither. result, timeouts these 2 items not related.

the formsauthentication cookie encrypted cookie contains basic info such user name , expiration value. .net application uses cookie 1 time user has authenticated know if user authorized resources.

what controls encryption , decryption of formsauthentication cookie machinekey web application on iis. machinekey set of keys used encrypt , decrypt cookie. default, web application on iis set autogenerate machine key. means when application starts, random machine key generated. if application recycles, new machine key. additionally, if hosting on shared provider, web host typically have application load balanced, meaning hosted more 1 server. each 1 of servers auto generate machine key.

if web application on load balanced scenario, each machine in web farm cannot decrypt other's encrypted cookie. give appearance of "being logged out". illustration of logging in on web server a, subsequent request goes web server b. web server b not share machine key web server , cannot decrypt cookie, sending user login page.

the solution define machinekey section in web.config each instance of iis utilize same keys if application pool recycles, still have same machine key.

here example machine key place in web.config

<system.web> <machinekey validationkey="ebc1ef196cac273717c9c96d69d8ef314793fce2dbb98b261d0c7677c8c7760a3483dde3b631bc42f7b98b4b13efb17b97a122056862a92b4e7581f15f4b3551" decryptionkey="5740e6e6a968c76c82bb465275e8c6c9ce08e698ce59a60b0beb2aa2da1b9ab3" validation="sha1" decryption="aes" /> </system.web>

additional thoughts expiration in web.config (2880) , setting expiration (120) not match. may want them both match.

asp.net-mvc session forms-authentication session-cookies

Comments

Post a Comment

Popular posts from this blog

Delphi change the assembly code of a running process -

Delphi change the assembly code of a running process - i'm trying alter address 00741fa5 has push test.009e721c . alter push test.009e71c8 . procedure callback; asm force $9e71c8 end; procedure tform2.btn1click(sender: tobject); var ppid :dword; pprocess : cardinal; begin getwindowthreadprocessid(findwindow(nil,pchar('test')), @ppid); pprocess := openprocess(process_all_access, false, ppid); injectasm(pprocess, $741fa5, 10, integer(@callback), 0); end; here injectasm function (with error checking) function injectasm(process: longword; injectaddress, injectsize, codeaddress, codesize : integer): pointer; var csize, rsize : integer; replaced : array of byte; jmp : array [0..4] of byte; jmpaddress : integer; nopv : byte; : integer; nbr: ulong_ptr; begin //injectsize must equal or greater 5, because need space our //(far) jmp wwxxyyzz instruction //if there's no space, inject in place of few instructions if injectsize ...
Read more

json - Hibernate and Jackson (java.lang.IllegalStateException: Cannot call sendError() after the response has been committed) -

json - Hibernate and Jackson (java.lang.IllegalStateException: Cannot call sendError() after the response has been committed) - hello have problem hibernate , jackson. have 2 pojos @entity @table(name = "users") public class user implements serializable { static final long serialversionuid = 4235637833262722256l; @id @generatedvalue private int id; @column(name = "creation_date") private date creationdate; @column(name = "first_name") private string firstname; @column(name = "last_name") private string lastname; @version @column(name = "version") private int version; @column(name = "e_mail") private string email; @column(name = "enabled") private boolean enabled; @column(name = "login") private string login; @column(name = "password") private string password; @jsonmanagedreference("role") @onetomany(mappedby = "user", cascade = cascadetype.all,fetch = fetchtyp...
Read more

C++ 11 "class" keyword -

C++ 11 "class" keyword - i've started using c++ 11 little bit more , have few questions on special uses of class keyword. know it's used declare class, there's 2 instances have seen don't understand: method<class t>(); and class class_name *var; why precede typename keyword class in first example, , keyword pointer in sec example? that known elaborated type specifier , necessary when class name "shadowed" or "hidden" , need explicit. class t { }; // love of god don't t t; t t2; if compiler smart, give these warnings: main.cpp:15:5: error: must utilize 'class' tag refer type 't' in scope t t2; ^ class main.cpp:14:7: note: class 't' hidden non-type declaration of 't' here t t; ^ if class not defined, deed forwards declaration. for example: template <typename t> void method() { using type = typename t::value_type; } method...
Read more