I found this code online and it claims it sets a persistent cookie that will keep you logged in for an extended period of time (which is set in the forms timeout area of the web.config file), but it's not keeping me logged in like I'm wanting. It seems to keep me logged in as long as the browser is open (haven't tried it beyond a period of several hours though), but when I return to the site the next day, I have to log in again.
I even see a cookie in my browser that appears to be set properly. It's saying the cookie name is "_ga" and it expires in about a year, then there's a cookie named ASP.NET_SessionId that expires at the end of the session.
*EDIT* Actually, the _ga cookie may be from Google Analytics... if so, I'm seeing no cookie in my Firefox browser other than the normal cookies that expire at the end of the session.
Here's my code from the code behind for the login page:
    protected void LoggingIn(object sender, EventArgs e)
    {
        string username = Login1.UserName;
        if (Login1.RememberMeSet)
        {
            FormsAuthentication.SetAuthCookie(username, true);
            FormsAuthentication.RedirectFromLoginPage(username, true);
        }
        else
        {
            var authTicket = new FormsAuthenticationTicket(username, true, 1);
            string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
            {
                HttpOnly = true,
                Secure = FormsAuthentication.RequireSSL,
                Path = FormsAuthentication.FormsCookiePath,
                Domain = FormsAuthentication.CookieDomain,
                Expires = authTicket.Expiration
            };
            Response.Cookies.Set(cookie);
        }
    }
Also, I don't understand the purpose of the code in the else{} area? Is it even necessary? Seems like if the user doesn't check the "Remember Me" box during login, ASP.NET will just log them in for the set session length anyway (20 min), right?
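For reference, an added example (not part of the original post, and not the poster's code) of issuing a forms-authentication ticket whose lifetime follows the forms timeout from web.config, with the cookie persisted only when "Remember Me" is checked. The class and method names are hypothetical, and it assumes .NET 4.0 or later and that it is called only after the credentials have been validated.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper for illustration; not from the post.
public static class AuthCookieExample
{
    // Assumption: the caller has already validated the user's credentials.
    public static HttpCookie BuildAuthCookie(string username, bool rememberMe)
    {
        DateTime issued = DateTime.Now;
        // Ticket lifetime taken from <forms timeout="..."> in web.config.
        DateTime expires = issued.Add(FormsAuthentication.Timeout);

        var ticket = new FormsAuthenticationTicket(
            2,                 // ticket version
            username,
            issued,
            expires,
            rememberMe,        // isPersistent flag stored inside the ticket
            string.Empty,      // no user data
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // HTTPS-only when configured
            Path = FormsAuthentication.FormsCookiePath
        };
        if (FormsAuthentication.CookieDomain != null)
        {
            cookie.Domain = FormsAuthentication.CookieDomain;
        }

        // With Expires set, the browser keeps the cookie across restarts.
        // Left unset, it is a session cookie discarded when the browser closes.
        if (rememberMe)
        {
            cookie.Expires = ticket.Expiration;
        }
        return cookie;
    }
}
```

The returned cookie would be added with `Response.Cookies.Add(...)`; the encrypted ticket still expires at its own `Expiration` regardless of how long the browser keeps the cookie.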