Home/ Questions/Q 6629375
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T22:15:05+00:00

I am using Asp.Net Membership and when user enters correct username and password I

  • 0

I am using Asp.Net Membership and when user enters correct username and password I sign him in using:

FormsAuthentication.SetAuthCookie(String, Boolean)

If I create a persistent cookie then I think my membership will still be able to work but my session data will be null.

This is really annonying and introducing a whole lot of bugs in my application. How can I handle this?

Should I handle global.asax’s Application_AuthenticateRequest and check if the userId which I store in session is null and Membership.GetUser() is not null, then I should store ProviderUserKey (Guid) again in Session.

Is this a reasonable approach or is there any better way of handling this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You must configure your session and authcookie’s life-time in your web.config file. See:

    <forms timeout="5" />

<sessionState timeout="5" />

    Forms are used for authentication and when it times out it will logout
    user. You can ‘prevent’ timeout by setting SlidingExpiration property
    to ‘true’ and it will renew forms ticket on user activity (read
    request to asp) if needed. This will keep user logged on while he is
    ‘active’ on your site.

    and

    When session times out you will lose data found in Session object.

    Your problem may may be of this issue. Your auth-cookie is alive, but the session is timed-out. User is logged-in, but the session-variables are destroyed! Check this configuration in your app.

    See this Q also

    • 0