DotNetNuke, ASP.NET, Web Development Blog

Fix "Remember Me" feature of the DotNetNuke Login

When the "Remember Me" feature of the DotNetNuke Login is enabled an encrypted authentication cookie is placed on the user's machine. By default, the web.config has a setting which causes to cookie to expire after one hour, which makes it almost useless.  However, the expiration of the cookie can be tweaked by editing a line in the web.config.

When the "Remember Me" feature of the DotNetNuke Login is enabled an encrypted authentication cookie is placed on the user's machine. The cookies short one hour lifespan makes it almost useless.  However, the expiration of the cookie can be tweaked by editing a line in the web.config.

      < forms name=".DOTNETNUKE" protection="All" timeout="60"  cookieless="UseCookies" />

The default setting is 60 minutes, so it can't remember anyone for very long.

The timeout value is in minutes so increasing it to "10080" would give the users one week before they need to login again.

      < forms name=".DOTNETNUKE" protection="All" timeout="10080"  cookieless="UseCookies" />

You can also add a slidingExpiration property.  With it set to true, every time someone visits with an auth cookie thier time will be reset to the value in the timeout.  That way you can keep the timeout shorter, but still convienient for your visitors that make it back to your site before it expires.

      < forms name=".DOTNETNUKE" protection="All" timeout="10080" slidingExpiration="true"
cookieless="UseCookies" />

Now as long as your visitors make it back before the timeout DotNetNuke will not require them to login again.

One additional detail, if at anypoint the user clicks "logout" the cookie is destroyed immeadiatley and they must login again upon their return.

Comments

Leave a Comment
Gravatar
Name:
Email: (not displayed)
Comments:

CAPTCHA image
Enter the code shown above:
Website

Return to previous page