I have a login system using FormsAuthentication that for some reason is logging me out when closing and opening the browser. Here is how I have setup my login code:
FormsAuthenticationTicket ticket;
ticket = new FormsAuthenticationTicket(1, tbUsername.Text, DateTime.Now, DateTime.Now.AddYears(1), true, string.Empty, FormsAuthentication.FormsCookiePath);
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
cookie.HttpOnly = true;
//Add the cookie to the request
Context.Response.Cookies.Add(cookie);
As you can see I have set the cookie to be persistent across sessions. Here is my web.config part:
<authentication mode="Forms">
<forms slidingExpiration="false" loginUrl="~/Login.aspx" name="BOIGAUTH" defaultUrl="~/Admin/Settings.aspx"/>
</authentication>
Also, SessionState is disabled on this particular application. Anyone know what is wrong?
Btw leaving the application browser on for more than 2 hours kept me logged in even though I did not interact with the website. The cookie is only being lost when closing the browser.
If you don’t set expiration on cookie it will be browser-session-only cookie and disappear after you close all instances of browser.
You need to set some expiration on your cookie for it to be persistent with Expires property.
Side note: make sure your browser is not configured to clear all cookies on close.