Getting Logged out in few seconds

8 years ago
I'm facing problem of being loged out immedialy inspite of login in into nopcommerce 1.9. and 2.30. Please help me out asap.

Thanks in advance.



regards,

Dignesh Parmar
8 years ago
are you running the code locally or is it hosted on a hosting server like GoDaddy etc.
8 years ago
FormsAuthentication uses the machineKey (web.config) for encryption and decryption of the token. Often on shared hosts the machineKey is set to AutoGenerate which causes the token to be considered invalid (since the key for encryption and decryption is not the same). The solution is to fix a machineKey in your web.config:

Find more info here: http://msdn.microsoft.com/en-us/library/ie/eb0zx8fc.aspx
8 years ago
asoares is right.

Adding a machineKey fixes the problem of being logged out every 30 seconds or so. This is because the machineKey is required for forms authentication. I'm running nopCommerce 2.65.

First, you need to generate a machineKey. Got to http://aspnetresources.com/tools/machineKey
and generate the machineKey online. The generator will give you the code that you need to insert into web.config in your Nop.Web app.

The generated code will look something like this (by the way, don't copy and paste from here, generate your own code!):

<machineKey validationKey="D9A123CFA99A739E6397B6F15602C5C3BA32B7B30CCF259908CA8BCD955820F80B40920A217883994C62F687ACDC1668D23D47F2361BACF07A33EAD5C23B9257" decryptionKey="D788111905A577E2D8B1BB79E0BB969F3FD74AA025447949FDC95FF153712504" validation="SHA1" decryption="AES" />

Once you have the code like above, insert it inside your <system.web></system.web> tags in web.config. I put it right after the </authentication> tag like so:

<authentication mode="Forms">
  <forms name="NOPCOMMERCE.AUTH" loginUrl="~/login" protection="All" timeout="43200" path="/" requireSSL="false" slidingExpiration="true" />
</authentication>
<machineKey validationKey="D9A123CFA99A739E6397B6F15602C5C3BA32B7B30CCF259908CA8BCD955820F80B40920A217883994C62F687ACDC1668D23D47F2361BACF07A33EAD5C23B9257" decryptionKey="D788111905A577E2D8B1BB79E0BB969F3FD74AA025447949FDC95FF153712504" validation="SHA1" decryption="AES" />

That's all there is to it. No more being logged out, well, until the timeout in <authentication> occurs.