stackoom
  简体   繁体   中英

Set how long a user is remembered with forms authentication

 原文  2014-09-11 19:58:26       c#/ asp.net/ webforms

Question

In my asp.net web forms application I am using forms authentication. I am confused on this thing:

My web.config has: 

  <authentication mode="Forms">
    <forms loginUrl="Login.aspx" defaultUrl="Welcome.aspx">
    </forms>
  </authentication>

and my login button looks like this: 

    protected void Login_Click(object sender, EventArgs e)
    {
        if (AuthenticateUser(UserNametxt.Text, Passwordtxt.Text))
        {
            FormsAuthentication.RedirectFromLoginPage(UserNameTextBox.Text, RememberMeCheckBox.Checked);
        }
        else
        {
            MessageLbl.Text = "Wrong UserName and/or Password.";

        }
    }

<forms > has a property timeout="" that you can set. I understand that by default that property is 30 or 30 minutes. I thought that this timeout property was to set how long users who checked my checkbox to be remembered would be remembered for with FormsAuthentication.RedirectFromLoginPage(UserNameTextBox.Text, RememberMeCheckBox.Checked) , but from what I read online it looks like the timeout property is how long you can be idle on a webpage before being signed out.

If this is true, how can I set how long a user is remembered by checking the RememberMeCheckBox with forms authentication?

2 answers

solution1
 1 ACCPTED  2014-09-11 21:03:48

I understand that by default that property is 30 or 30 minutes. I thought that this timeout property was to set how long users who checked my checkbox to be remembered would be remembered for with FormsAuthentication.RedirectFromLoginPage(UserNameTextBox.Text, RememberMeCheckBox.Checked)

Yes, you are correct. FormsAuthentication timeout default value is 30 minutes .

what I read online it looks like the timeout property is how long you can be idle on a webpage before being signed out.

It is called SessionState time out. SessionState time out default value is 20 minutes .

Updated for the Comment (9/12/2014)

So if I set the SessionState timeout to say, 48hrs, does that mean that users who click my "remember me" checkbox will be remembered and automatically authenticated with forms authentication on that website for 48hrs? (given my above code)

If you set SessionState time out to 48 hours, after a user logins, the user can leave the browser idle up to 48 hours without logging-out.

So the Answer for your question is No.

In your question, you just want a user not require to login for 48 hours. If so, you need to set FormAuthentication time out to 48 hours.

The following setting sets the persistent cookie expire in 48 hours. 

<authentication mode="Forms">
   <forms ... timeout="2880">
   </forms>
</authentication>

solution2
 -1  2014-09-11 20:03:17

You need to do this by using Cookies and setting their expiration date-time. If Cookie exists, delete it. Set a new cookie with your preferred expiration date-time.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Login not remembered in Nancy.Authentication.Forms? How to set value to User.Identity.IsAuthenticated as false in Forms Authentication How to lock user using forms authentication How to check if user is logged in or not in forms based authentication Forms Authentication: How to handle unauthorized authenticated user MVC4 - Setting custom user data in forms authentication ticket causes the forms authentication cookie to not get set? Possible to authenticate/retrieve user on intranet when set to Forms authentication? user login not being remembered WEB API Forms Authentication - Where can i set Roles for a User How to get Windows user credentials using forms authentication?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM