Monday 15 August 2011

C# - asp:Login with LayoutTemplate creates persistent cookie regardless of whether Remember Me is checked




Using .NET 4 and the ASP.NET Login control with a custom layout template, when I sign in, regardless of whether the Remember Me checkbox is checked or not, the control seems to create an authentication cookie and keep me signed in until I explicitly sign out by clicking the sign out button. Closing the browser while still signed in does not sign me out.

Can anyone help explain what might be causing this?

    <asp:Login ID="Login1" runat="server" OnLoggingIn="Login1_LoggingIn" OnLoggedIn="Login1_LoggedIn" OnLoginError="Login1_LoginError">
        <LayoutTemplate>
            <asp:Panel runat="server" DefaultButton="btnLogin">
                <label>email</label>&nbsp;<div class="required">*</div>&nbsp;
                <asp:RequiredFieldValidator runat="server" ControlToValidate="UserName" Display="Dynamic" ErrorMessage="required" InitialValue="" SetFocusOnError="true" ValidationGroup="login" /><br />
                <asp:TextBox runat="server" ID="UserName" class="input" ValidationGroup="login" />
                <label>password</label>&nbsp;<div class="required">*</div>&nbsp;
                <asp:RequiredFieldValidator runat="server" ControlToValidate="Password" Display="Dynamic" ErrorMessage="required" InitialValue="" SetFocusOnError="true" ValidationGroup="login" /><br />
                <asp:TextBox runat="server" ID="Password" TextMode="Password" class="input" style="margin:0 0 6px 0;" ValidationGroup="login" />
                <asp:CheckBox runat="server" ID="RememberMe" Text="remember me" CssClass="remember-me" />
                <asp:LinkButton runat="server" ID="btnLogin" CommandName="Login" Text="sign in" CssClass="login-button" ValidationGroup="login" />
            </asp:Panel>
        </LayoutTemplate>
    </asp:Login>

    protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
    {
        string userName = Login1.UserName.Trim();
        if (IsValid)
        {
            MembershipUser user1 = Membership.GetUser(userName);
            if (user1 != null)
            {
                if (Membership.ValidateUser(user1.UserName, Login1.Password))
                {
                    // Hand the stored user name back to the control,
                    // which then performs its own sign-in.
                    Login1.UserName = user1.UserName;
                }
            }
        }
    }

    protected void Login1_LoggedIn(object sender, EventArgs e)
    {
        if (Roles.IsUserInRole(Login1.UserName, "users"))
        {
            Response.Redirect("users.aspx", true);
        }
    }

    <authentication mode="Forms">
        <forms timeout="129600" name=".authcookie" protection="All" slidingExpiration="true" path="/" requireSSL="false" loginUrl="~/login.aspx" cookieless="UseCookies"/>
    </authentication>

Got the answer... geez, finally!

login.aspx:

    <asp:Login ID="Login1" runat="server" OnLoggingIn="Login1_LoggingIn">
        <LayoutTemplate>
            <asp:Panel runat="server" DefaultButton="btnLogin">
                <label>email</label>&nbsp;<div class="required">*</div>&nbsp;
                <asp:RequiredFieldValidator runat="server" ControlToValidate="UserName" Display="Dynamic" ErrorMessage="required" InitialValue="" SetFocusOnError="true" ValidationGroup="login" /><br />
                <asp:TextBox runat="server" ID="UserName" class="input" ValidationGroup="login" />
                <label>password</label>&nbsp;<div class="required">*</div>&nbsp;
                <asp:RequiredFieldValidator runat="server" ControlToValidate="Password" Display="Dynamic" ErrorMessage="required" InitialValue="" SetFocusOnError="true" ValidationGroup="login" /><br />
                <asp:TextBox runat="server" ID="Password" TextMode="Password" class="input" style="margin: 0 0 6px 0;" ValidationGroup="login" />
                <asp:CheckBox runat="server" ID="RememberMe" Text="remember me" CssClass="remember-me" />
                <asp:LinkButton runat="server" ID="btnLogin" CommandName="Login" Text="sign in" CssClass="login-button" ValidationGroup="login" />
            </asp:Panel>
        </LayoutTemplate>
    </asp:Login>

login.aspx.cs:

    protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
    {
        if (IsValid)
        {
            // Checks the credentials stored in the <credentials> section of web.config.
            if (FormsAuthentication.Authenticate(Login1.UserName, Login1.Password))
            {
                // false = do not create a persistent cookie
                FormsAuthentication.RedirectFromLoginPage(Login1.UserName, false);
            }
        }
    }

web.config:

    <authentication mode="Forms">
        <forms timeout="129600" name=".authcookie" protection="All" slidingExpiration="true" path="/" requireSSL="false" loginUrl="~/login.aspx" cookieless="UseCookies">
            <credentials passwordFormat="Clear">
                <user name="test" password="test"/>
            </credentials>
        </forms>
    </authentication>

Additional notes:

In the web application, I have a folder called "protected", with a file within it called "users.aspx" and a file called web.config. The web.config within the "protected" folder has the following to not allow anonymous users and to allow the "test" user:

    <configuration>
        <system.web>
            <authorization>
                <deny users="?"/>
                <allow users="test"/>
            </authorization>
        </system.web>
    </configuration>

I closed the Chrome instances after logging in, went to the users.aspx page and, sure enough, it asked me to log in again! I know this code isn't what you have, but you should be able to modify your code to adopt this.
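
One way to make the cookie's lifetime follow the Remember Me checkbox instead of hard-coding `false`, as an added example that is not part of the original question or answer. It assumes the control is `Login1`, the checkbox ID is `RememberMe`, users are validated with `Membership.ValidateUser` as in the question, and `LoginPage` and `IssueAuthCookie` are hypothetical names.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI.WebControls;

// Code-behind for login.aspx (class name is an assumption); Login1 is the
// asp:Login control declared in the markup.
public partial class LoginPage : System.Web.UI.Page
{
    // Wired up through OnLoggingIn="Login1_LoggingIn" on the asp:Login control.
    protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
    {
        e.Cancel = true; // this handler issues the cookie; skip the control's own sign-in
        if (!IsValid) return;

        // The checkbox lives inside the LayoutTemplate, so look it up by ID.
        var box = Login1.FindControl("RememberMe") as CheckBox;
        bool persistent = box != null && box.Checked;

        if (!Membership.ValidateUser(Login1.UserName, Login1.Password)) return;

        IssueAuthCookie(Response, Login1.UserName, persistent);
        Response.Redirect(FormsAuthentication.GetRedirectUrl(Login1.UserName, persistent));
    }

    // Hypothetical helper: builds the ticket by hand so the lifetime is explicit.
    static void IssueAuthCookie(HttpResponse response, string userName, bool persistent)
    {
        DateTime now = DateTime.Now;
        DateTime expires = now.Add(FormsAuthentication.Timeout); // <forms timeout="...">
        var ticket = new FormsAuthenticationTicket(
            1, userName, now, expires, persistent, string.Empty,
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                         // not readable from script
            Secure = FormsAuthentication.RequireSSL, // follows requireSSL in web.config
            Path = FormsAuthentication.FormsCookiePath
        };
        // Only a persistent cookie gets an Expires date; without one the browser
        // treats it as a session cookie and drops it when the session ends.
        if (persistent) cookie.Expires = expires;
        response.Cookies.Add(cookie);
    }
}
```

With `timeout="129600"` the ticket inside the cookie stays valid for 90 days either way, so a session cookie that a browser restores on restart still authenticates; a shorter timeout bounds that window.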
