Alexey - this issue is different than my other question about totally DISABLING cookies. The issue I am having is that the LOGIN itself doesn't appar to be remember me after I LOGIN. That is, when I LOGIN, I am gettting timed-out after 20 mins. What I am attempting to do is allow a member to remain logged in for say 6 months and not have to re-login again every time they come back to the site. I have been playing with and researching this for well over a week now and can't seem to get this configured properly. Can you offer some guidance? I have included my web.config below. Here's what I *do* know based on the cookie file being generated:
- The .CSWINGANONOMOUS is the *only* cookie being generated. I open the www.cityswingsf.com file (temporary internet files) and that is the only thing in it.
- The Session cookie is an in-memory cookie and is not serialized to disk. So I shouldn't expect to see that on disk.
Here is my entire web.config file ... in case I'm not undertsanding the specific area that is causing my grief... Thanks so much.
LOGIN not remembering my info - forcing me to re-LOGIN after 20 mins.
Alexey - wanted to provide an update to this.
I have been on contact with my Hosting site tech group. Evidentially, I fall in the category of “unclear on the concept” with this LOGIN control.
They say everything is working as designed. That is, there is in fact a large TIMEOUT set (500000) … and that only manages the session timeout as long as the browser window is OPEN.
So, I tested their theory today by opening my browser window to my site (www.cityswingsf.com) ... I logged in and then just left it open. I returned to the site about an hour later and when I press F5 - or attempt to refresh my secured page - it immediately jumps to the LOGIN page. This is very strange ... I can now understand the Session State cookie issue when a browser closes, but not this situation whereby I leave it up. I can provide a login ID for you (via email) if you would like to see this for yourself.
I have been on contact with my Hosting site tech group. Evidentially, I fall in the category of “unclear on the concept” with this LOGIN control.
They say everything is working as designed. That is, there is in fact a large TIMEOUT set (500000) … and that only manages the session timeout as long as the browser window is OPEN.
So, I tested their theory today by opening my browser window to my site (www.cityswingsf.com) ... I logged in and then just left it open. I returned to the site about an hour later and when I press F5 - or attempt to refresh my secured page - it immediately jumps to the LOGIN page. This is very strange ... I can now understand the Session State cookie issue when a browser closes, but not this situation whereby I leave it up. I can provide a login ID for you (via email) if you would like to see this for yourself.
Honestly, I'm not sure. It's taken me weeks to get CoreLab implemented. If I need to redesign the system to use another provider (e.g, SQL), I won't be able to test it as I don't have that installed on my Hosting site. Hence why I went with CoreLab's product.Alexey wrote:Is this behaviour provider-specific?
See previous.Alexey wrote:Can the same be observed with SQL data provider?
I'm not sure what you mean by "test" project. Do you mean all of my .aspx files that make up my site? I can do that if you want.Alexey wrote:Could you send me your test project?
[deleted section - turned out not to be true what I said here]
Let me know if I should send you anything else. Thanks Alexey !!
Last edited by Cody21 on Sun 25 Mar 2007 16:00, edited 1 time in total.
OK just wanted to add something to this after a weekend of testing. Maybe I am just unclear on the concept of being able to "remain logged on" after my initial LOGIN. So thru my week of research and tweaking the web.config settings, I found a BLOG that pointed me to this:
"If you go into IIS and right click on the Application Pool that your web application is using, and choose properties. Then click on the Performance tab. There is a check box for the Idle Timeout. If your application is getting enough use, this might not be an issue. Otherwise the Idle Timeout may need to be set to greater than or equal to the session timeout that you have chosen."
I've confirmed that my Hosting site has the IIS "Idle Timeout" set to 20 mins. After contacting them, they said: "This is not a parameter we will change on our shared hosting - it's designed to conserve resources which are not actively in use. If your users are not actively engaged on the site, then we shouldn't be chewing up RAM to hold settings for their future return... possibly days later. This is our model for shared hosting, as for a very low price, we're attempting to ensure maximum resource availability for all users. Please note that the application pool holds not only the session parameters, but also loads the .net runtime, over 25MB or RAM, as well as other resources... session data is not the only info held within the app pool. "
So I guess I'm *still* not clear on this concept of keeping a user logged in even after no activity or a browser restart. Isn't this what Cookie Management is supposed to do? Does ANYONE have this working using native web.config settings along with mySqlDirect? if so, can you post what your config looks like?
Thanks
"If you go into IIS and right click on the Application Pool that your web application is using, and choose properties. Then click on the Performance tab. There is a check box for the Idle Timeout. If your application is getting enough use, this might not be an issue. Otherwise the Idle Timeout may need to be set to greater than or equal to the session timeout that you have chosen."
I've confirmed that my Hosting site has the IIS "Idle Timeout" set to 20 mins. After contacting them, they said: "This is not a parameter we will change on our shared hosting - it's designed to conserve resources which are not actively in use. If your users are not actively engaged on the site, then we shouldn't be chewing up RAM to hold settings for their future return... possibly days later. This is our model for shared hosting, as for a very low price, we're attempting to ensure maximum resource availability for all users. Please note that the application pool holds not only the session parameters, but also loads the .net runtime, over 25MB or RAM, as well as other resources... session data is not the only info held within the app pool. "
So I guess I'm *still* not clear on this concept of keeping a user logged in even after no activity or a browser restart. Isn't this what Cookie Management is supposed to do? Does ANYONE have this working using native web.config settings along with mySqlDirect? if so, can you post what your config looks like?
Thanks
Please take a look at our WebProviders sample project from MySQLDirect .NET 4.0 package. If you login with "Remember me next time" box checked, then you won't be prompted to re-login until the timeout expires:
Code: Select all
OK - I downloaded the 4.0 BETA and uninstalled 3.55.x ... rebooted and installed the 4.0 BETA ... Installed as TYPICAL. There are no WEBPROVIDER Samples in the Samples list when I click on SAMPLES. (the area where C#, C++, DELPHI, etc are...)
So I launched the SAMPLES / SAMPLES README .. and on that page that comes up, the link is not active in the Screen - the title called "Webproviders". In fact that one and 2 others (Web, Reporting Services) are not active... All of the others are linked and work when I click on them. I also looked at the documenation file for the section about the various Roles/Membership elements for web.config and there is nothing in there that I found related to FORMS AUTHENTICATION .. and I even searched the documentation (CTL+F) ..
What am I doing wrong or missing to be able to click on that topic?? Is the .chm file that is included in the 4.0 Beta supposed to contain that?
Second question: Do I have to be concerned that my PUBLISHED WEB SITE is version 3.55.x --- as long as I don't rebuild the licenses.dll file or modify my web.config file? Just want to make sure I don't corrupt anything. Won't this TRIAL version expire? Or will your Sales dept. send me a link/key when general release comes out?
So OK - back to this Issue in this POST - the web.config you posted to me initially seemed to work. however it was set to expire after 3 seconds based on the timeout you have and it in fact reforced a LOGIN after 1 min. So I upped it to 300000 and the expiration is now set for May 2007. So I closed the browser and came back like around 35 mins. later, and once again am being forced to LOGIN. Very strange. I continued testing this all day - every hour or more coming back, and every time being required to LOGIN again even though I have the "Remember Me" check box selected and the expiration date on the cookie remains at May 2007. It doesn't appear to be working as advertised for me. But other sites (like THIS site) is working perfectly in my browser in that I never/seldom get prompted for a LOGIN after my initial login.) Very strange.
Thanks
So I launched the SAMPLES / SAMPLES README .. and on that page that comes up, the link is not active in the Screen - the title called "Webproviders". In fact that one and 2 others (Web, Reporting Services) are not active... All of the others are linked and work when I click on them. I also looked at the documenation file for the section about the various Roles/Membership elements for web.config and there is nothing in there that I found related to FORMS AUTHENTICATION .. and I even searched the documentation (CTL+F) ..
What am I doing wrong or missing to be able to click on that topic?? Is the .chm file that is included in the 4.0 Beta supposed to contain that?
Second question: Do I have to be concerned that my PUBLISHED WEB SITE is version 3.55.x --- as long as I don't rebuild the licenses.dll file or modify my web.config file? Just want to make sure I don't corrupt anything. Won't this TRIAL version expire? Or will your Sales dept. send me a link/key when general release comes out?
So OK - back to this Issue in this POST - the web.config you posted to me initially seemed to work. however it was set to expire after 3 seconds based on the timeout you have and it in fact reforced a LOGIN after 1 min. So I upped it to 300000 and the expiration is now set for May 2007. So I closed the browser and came back like around 35 mins. later, and once again am being forced to LOGIN. Very strange. I continued testing this all day - every hour or more coming back, and every time being required to LOGIN again even though I have the "Remember Me" check box selected and the expiration date on the cookie remains at May 2007. It doesn't appear to be working as advertised for me. But other sites (like THIS site) is working perfectly in my browser in that I never/seldom get prompted for a LOGIN after my initial login.) Very strange.
Thanks
You should open it as WebSite project in VS.There are no WEBPROVIDER Samples in the Samples list when I click on SAMPLES.
This topic can be found in MSDN. We are working like standard SQL Server provider.What am I doing wrong or missing to be able to click on that topic??
If you didn't modify your site, it shouldn't have been corrupted.Do I have to be concerned that my PUBLISHED WEB SITE is version 3.55.x --- as long as I don't rebuild the licenses.dll file or modify my web.config file? Just want to make sure I don't corrupt anything
We are going to provide the release this week.Won't this TRIAL version expire?
Timeout has minute unit. So 3 meant three minutes. Please try WebProviders demo and inform me how does it behave when playing with that parameter.the web.config you posted to me initially seemed to work. however it was set to expire after 3 seconds based on the timeout you have and it in fact reforced a LOGIN after 1 min. So I upped it to 300000 and the expiration is now set for May 2007. So I closed the browser and came back like around 35 mins. later, and once again am being forced to LOGIN. Very strange
Found it ... Opened it in VS 2005... and attempted to F5 (run it).. error:
Sorry, your trial period has expired.
To order registered version please visit Core Lab site at
http://www.crlab.com/mysqlnet/ordering.html
So as I expected, I need an official key for this version 4.x -- probably best to wait until the official release later this week? I followed the advice in the License FAQ for this TRIAL license & expiration and it tells me to go to my "download site" to get the Trial version without the expiration. Can't find that on the site; even went to the 3.x area where I downloaded me authorized copy of 3.5 ... there's no 4.x anything there.. I tried.
So, until this is resolved I continue to try anything I can think of. I compared the web.config file for that Sample project against mine. I made modifcations to my web.config file based on the Sample's web.config file. Republished the site. Launched the page and saw the cookie that include Anonymous & FormsAuth. Closed the browser and came back to the page about 45 mins later. Once again - LOGIN popped up.
Later the same day: Ran across an item in a Search that suggested that the Role element - cookieTimeout - defaults to 30 mins. hmmm... You don't have a parameter in your Sample for that value... I added it (240 mins) and am testing again... initial check out seemed to have worked when I came back to the site 40 mins later... So I updated t to 2880 and re-published. Will check back on it tomorrow morning and test it.
I'll keep you posted. Thanks.
Sorry, your trial period has expired.
To order registered version please visit Core Lab site at
http://www.crlab.com/mysqlnet/ordering.html
So as I expected, I need an official key for this version 4.x -- probably best to wait until the official release later this week? I followed the advice in the License FAQ for this TRIAL license & expiration and it tells me to go to my "download site" to get the Trial version without the expiration. Can't find that on the site; even went to the 3.x area where I downloaded me authorized copy of 3.5 ... there's no 4.x anything there.. I tried.
So, until this is resolved I continue to try anything I can think of. I compared the web.config file for that Sample project against mine. I made modifcations to my web.config file based on the Sample's web.config file. Republished the site. Launched the page and saw the cookie that include Anonymous & FormsAuth. Closed the browser and came back to the page about 45 mins later. Once again - LOGIN popped up.
Later the same day: Ran across an item in a Search that suggested that the Role element - cookieTimeout - defaults to 30 mins. hmmm... You don't have a parameter in your Sample for that value... I added it (240 mins) and am testing again... initial check out seemed to have worked when I came back to the site 40 mins later... So I updated t to 2880 and re-published. Will check back on it tomorrow morning and test it.
I'll keep you posted. Thanks.
Something else I wanted to add to this problem that may have a bearing on what we're seeing. You know that option in IE Browser that prompts you if you "want to save the user & pw?" - the AUTO COMPLETE option. All other sites that I go to and say YES to Save work fine. It's only THIS Login that the data is not kept. That is, when it expires after 30 mins (or so), the LOGIN screen *never* remembers the user & pw info that I previously keyed in. So I *think* this has something to do with the overall behavior and problem I'm having with this LOGIN control.
Still waiting on a "key" to be able to Test the Trial SAMPLE that you suggested; or the official release of 4.x. In the meantime, I've compared all web.config settings in yours against mine and really don't see much difference.
Still waiting on a "key" to be able to Test the Trial SAMPLE that you suggested; or the official release of 4.x. In the meantime, I've compared all web.config settings in yours against mine and really don't see much difference.