Session Variables Get Lost On Browser Close

  • sanndeb
    New Member
    • May 2010
    • 33

    Session Variables Get Lost On Browser Close

    I'm creating a site and need some help. Below are my authentication tag and session tag in web.config
    Code:
    <authentication mode="Forms">
    <forms protection="All" loginUrl="Pages/Log In/Login.aspx" name=".ASPXFORMSAUTH" cookieless="UseCookies" requireSSL="false" 
    defaultUrl="Pages/Common/Default.aspx" enableCrossAppRedirects="false"  slidingExpiration="true" timeout="30" path="/"> 
    </forms>
    </authentication>
    
    <sessionState mode="InProc" timeout="30" cookieless="false" cookieName=".ASPSession"/>
    
    And I have a custom Membership Provider....
    
    <membership defaultProvider="SqlMemberShipProvider" userIsOnlineTimeWindow="15" hashAlgorithmType="">
          <providers>
            <clear/>
            <add
              name="SqlMemberShipProvider"
              type="RoalManagement.SqlMemberShipProvider"
              connectionStringName="SqlServices"
              enablePasswordRetrieval="true"
              enablePasswordReset="true"
              requiresQuestionAndAnswer="true"
              writeExceptionsToEventLog="true"
              applicationName="OnlineOnTheWeb"
              minRequiredPasswordLength="6"
              passwordStrengthRegularExpression="^.*(?=.{6,50})(?=.*[a-z])(?=.*[A-Z])(?=.*[\d\W]).*$"
              maxInvalidPasswordAttempts="3"
              requiresUniqueEmail="true"
              />
          </providers>
        </membership>
    Now in the login page, after first-time login, I set some session data... like
    Code:
    protected void Login_LoggedIn(object sender, EventArgs e)
    {
        //.....
        Session["EMPLOYEELOGGEDIN"] = "Y";
        //.....
    }
    Now say I close the browser... and next time when I open the site it takes me directly to the default page [Login_LoggedIn is not called accordingly]... because I'm already logged in for 30 mins according to the configuration.

    But as my session id gets changed, I can't access Session["EMPLOYEELOGGEDIN"] from any page in this time. It always returns null.

    But how do I get back the previous session for that person?
    Last edited by Frinavale; May 18 '10, 01:23 PM. Reason: Please post code in [code]...[/code] tags. Added code tags.
  • Frinavale
    Recognized Expert Expert
    • Oct 2006
    • 9749

    #2
    You need to use a persistent cookie... To identify the Session with the browser used, ASP.NET sets a Session Identifier cookie. You need to change this cookie to a longer expiration period.

    This will also depend on how the user has set up their browser. If their browser clears all cookies upon closing (as I have mine set up to do) then the Session identifier cookie will be deleted too.

    You could consider using Cookieless Session; however you should look into the security issues that come with this setup (the Session Identifier is in the URL and can be copied/pasted in another browser...)

    -Frinny


    • sanndeb
      New Member
      • May 2010
      • 33

      #3
      Originally posted by Frinavale
      You need to use a persistent cookie... To identify the Session with the browser used, ASP.NET sets a Session Identifier cookie. You need to change this cookie to a longer expiration period.

      This will also depend on how the user has set up their browser. If their browser clears all cookies upon closing (as I have mine set up to do) then the Session identifier cookie will be deleted too.

      You could consider using Cookieless Session; however you should look into the security issues that come with this setup (the Session Identifier is in the URL and can be copied/pasted in another browser...)

      -Frinny
      Ok I changed my login page's button commandname and on its click event the code is like...
      Code:
      protected void LoginButton_Click(object sender, EventArgs e)
      {
          if (Membership.ValidateUser(Login.UserName, Login.Password))
          {
              FormsAuthentication.Initialize();
              // Persistent forms-authentication ticket, valid for 30 minutes.
              var fat = new FormsAuthenticationTicket(1, Login.UserName, DateTime.Now, DateTime.Now.AddMinutes(30), true, "", FormsAuthentication.FormsCookiePath);
              var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(fat))
                                   { Expires = DateTime.Now.AddMinutes(30) };
              Response.Cookies.Add(authCookie);
              // Session state is separate from the ticket and is lost when the session cookie goes away.
              Session["EMPLOYEEID"] = Login.UserName;
              Response.Redirect(FormsAuthentication.GetRedirectUrl(Login.UserName, true));
          }
          else
          {
              Login.FailureText = "Unable To LogIn...";
          }
      }
      Now after I close & reopen the browser I automatically get logged in, but in the default page Session["EMPLOYEEID"] is still null.... :(


      • ThatThatGuy
        Recognized Expert Contributor
        • Jul 2009
        • 453

        #4
        Originally posted by sanndeb
        Ok I changed my login page's button commandname and on its click event the code is like...
        Code:
        protected void LoginButton_Click(object sender, EventArgs e)
        {
            if (Membership.ValidateUser(Login.UserName, Login.Password))
            {
                FormsAuthentication.Initialize();
                // Persistent forms-authentication ticket, valid for 30 minutes.
                var fat = new FormsAuthenticationTicket(1, Login.UserName, DateTime.Now, DateTime.Now.AddMinutes(30), true, "", FormsAuthentication.FormsCookiePath);
                var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(fat))
                                     { Expires = DateTime.Now.AddMinutes(30) };
                Response.Cookies.Add(authCookie);
                // Session state is separate from the ticket and is lost when the session cookie goes away.
                Session["EMPLOYEEID"] = Login.UserName;
                Response.Redirect(FormsAuthentication.GetRedirectUrl(Login.UserName, true));
            }
            else
            {
                Login.FailureText = "Unable To LogIn...";
            }
        }
        Now after I close & reopen the browser I automatically get logged in, but in the default page Session["EMPLOYEEID"] is still null.... :(
        As Frinny... recommended you... must use Cookies ...
        instead of Session Variables....

        Session variables persist till the browser gets closed .... you have to use cookies..
        here's a short tutorial


        • Frinavale
          Recognized Expert Expert
          • Oct 2006
          • 9749

          #5
          Well at least you're getting logged in :)
          Instead of using Session to store the EMPLOYEEID, have you considered storing it in the identity? That way it's available to identify the user when they are logged in on any page.

          -Frinny


          • sanndeb
            New Member
            • May 2010
            • 33

            #6
            Originally posted by ThatThatGuy
            As Frinny... recommended you... must use Cookies ...
            instead of Session Variables....

            Session variables persist till the browser gets closed .... you have to use cookies..
            here's a short tutorial
            http://msdn.microsoft.com/en-us/library/ms178194.aspx
            Thanks Friend... Will look at it and let you know

            @Frinny: not just the employee ID; if I need to store the groups the user belongs to, or say whether he is an admin or not, etc., where do I store them? If I get automatically logged in I can't set them... :(


            • Frinavale
              Recognized Expert Expert
              • Oct 2006
              • 9749

              #7
              Well, you could consider using Forms Authentication.
              This information will be stored in a database and an Identity for the user will be created when they log in.

              You should really look into Forms Authentication (here's another Forms Authentication overview), and Membership and Roles to get started.

              -Frinny

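The approach suggested in posts #5 and #7, as an added example that is not part of the original thread: the user's groups travel in the encrypted forms-authentication ticket and are rebuilt into the identity on every request, and `Session_Start` refills session values when a new session begins for a user who is already logged in. `LookupGroups` and `IssueTicket` are hypothetical names introduced here; `IssueTicket` stands in for the manual cookie code in the login handler.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Global.asax.cs (added example; the class layout and helper names are assumptions)
public class Global : HttpApplication
{
    // Hypothetical server-side lookup; replace with the application's own data access.
    private static string[] LookupGroups(string userName)
    {
        return new[] { "Employees" };
    }

    // Call from the login page after Membership.ValidateUser succeeds.
    public static void IssueTicket(HttpResponse response, string userName, bool persistent)
    {
        string groups = string.Join("|", LookupGroups(userName));
        var ticket = new FormsAuthenticationTicket(1, userName, DateTime.Now,
            DateTime.Now.AddMinutes(30), persistent, groups, FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from page script
            Secure = FormsAuthentication.RequireSSL,  // follows requireSSL in web.config
            Path = FormsAuthentication.FormsCookiePath
        };
        if (persistent) cookie.Expires = ticket.Expiration; // survives a browser restart
        response.Cookies.Add(cookie);
    }

    // Runs on every request: rebuild the principal from the decrypted ticket.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        var id = Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (id == null || !id.IsAuthenticated) return;
        string[] groups = id.Ticket.UserData.Split(new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        Context.User = new GenericPrincipal(id, groups); // enables User.IsInRole("...")
    }

    // Runs when a new session starts, including after the browser was reopened.
    protected void Session_Start(object sender, EventArgs e)
    {
        if (Request.IsAuthenticated)
            Session["EMPLOYEEID"] = User.Identity.Name;
    }
}
```

The group list is fixed when the ticket is issued, so a change in group membership takes effect only when a new ticket is issued. The ticket is stored in a cookie, so keep the data in it small.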

              • sanndeb
                New Member
                • May 2010
                • 33

                #8
                Originally posted by Frinavale
                Well, you could consider using Forms Authentication.
                This information will be stored in a database and an Identity for the user will be created when they log in.

                You should really look into Forms Authentication (here's another Forms Authentication overview), and Membership and Roles to get started.

                -Frinny
                Thanks... Just started reading :)
