Authentication (remember me) issue

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
12 years ago
Hi,

I noticed an issue with FormsAuthenticationService.

1. nopCommerce version: 2.0 release
2. No private modifications related to authentication
3. SQL Server 2008

Issue: user is not automatically logged in when opening a new session even if "Remember me" is checked.

How to reproduce:
1. Access the store's login page
2. Enter username, password and make sure "Remember me" is checked
3. Hit log in button
4. Close all browser windows
5. Open a new browser window and access the store: you're not logged in

Expected behavior: you should be logged in at this step since you ticked "Remember me"

Solution: In the Nop.Services.FormsAuthenticationService.SignIn method, the ticket has an expiration date but the cookie does not, hence it is discarded by the browser. The solution is to set the Expires property on the cookie. Moreover, I think the _expirationTimeSpan field should be equal to FormsAuthentication.Timeout in the constructor so that the value can be changed via the web.config.
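The fix described in the post above, written out as an added example; it is not nopCommerce's own code and not part of the original post. The class and method names are hypothetical, and it assumes .NET Framework 4 with System.Web forms authentication configured in web.config.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper for illustration; not nopCommerce's FormsAuthenticationService.
public static class PersistentSignInExample
{
    public static HttpCookie BuildAuthCookie(string userName, bool rememberMe)
    {
        DateTime now = DateTime.Now;
        // Lifetime comes from <forms timeout="..."> in web.config, so it can be
        // changed without recompiling.
        DateTime expires = now.Add(FormsAuthentication.Timeout);

        var ticket = new FormsAuthenticationTicket(
            1,                  // ticket version
            userName,
            now,                // issue date
            expires,            // ticket expiration, checked server-side
            rememberMe,         // isPersistent
            string.Empty,       // userData
            FormsAuthentication.FormsCookiePath);

        // Encrypt() protects the ticket with the application's machineKey.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // follow <forms requireSSL>
            Path = FormsAuthentication.FormsCookiePath
        };
        if (FormsAuthentication.CookieDomain != null)
            cookie.Domain = FormsAuthentication.CookieDomain;

        // Without Expires the browser treats this as a session cookie and drops
        // it when the last window closes, even though the ticket is still valid.
        if (ticket.IsPersistent)
            cookie.Expires = ticket.Expiration;

        return cookie;
    }

    public static void SignIn(HttpContextBase context, string userName, bool rememberMe)
    {
        context.Response.Cookies.Add(BuildAuthCookie(userName, rememberMe));
    }
}
```

When "Remember me" is unchecked the cookie stays a session cookie, while the ticket expiration still bounds how long the server accepts it.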
12 years ago
Moreover, in my case, I needed to add a machineKey entry to my web.config since the machineKey defined in the machine.config file of my server was recreated each time the app pool was recycled. This caused all authentication tickets encrypted with the old machine key to become invalid with the new key, thus not authenticating the user.

Here's a link to a tool to generate such a key in case you're in the same situation as me:
http://aspnetresources.com/tools/machineKey

And the machineKey element on MSDN:
http://msdn.microsoft.com/en-us/library/w8h3skw9.aspx
12 years ago
Thanks for reporting this issue. It'll be fixed in the next release
3 years ago
I am trying to reduce the cookie expire time, so that whenever a user tries to access the site after that particular period, he/she will be forcefully logged out.
But the expire time is not working.

            //get date of cookie expiration
            //var cookieExpires = _cookieSettings.CustomerCookieExpires;
            //var cookieExpiresDate = DateTime.Now.AddHours(cookieExpires);

            //Adding 15 minutes only
            var cookieExpiresDate = DateTime.Now.AddMinutes(15);