Logoff issues on remote server

May 7, 2011 at 7:35 PM

When I run my BE website on localhost is works perfectly, however, the remote server doesn't behave the same.   Authentication is lost during the session and the login page appears, there is no specific page causing this.  It can sometimes occur after loading 5 pages and next time after 10.  The cycle then repeats after logging in  again.  Is the sessionID being lost for some reason?  How can I trace the problem?  -no error created just sent to login page.  Any help would be much appreciated.

Steve

May 26, 2011 at 7:27 PM

The only way I can stop random logoffs is by implementing sqlmembership provider:

<membership defaultProvider="MSSQLMembershipProvider">

     <providers>

      <clear />

       <add name="MSSQLMembershipProvider"

             type="System.Web.Security.SqlMembershipProvider"

             connectionStringName="BlogEngine"

             applicationName="BlogEngine.NET"

       enablePasswordRetrieval="false"

       enablePasswordReset="true"

       requiresQuestionAndAnswer="true"

       requiresUniqueEmail="false"

       passwordFormat="Hashed"

       maxInvalidPasswordAttempts="10"

       minRequiredPasswordLength="5"

       minRequiredNonalphanumericCharacters="0"

       passwordAttemptWindow="10"

       passwordStrengthRegularExpression=""/>

 

     </providers>

   </membership>

 

   <roleManager defaultProvider="MSSQLRoleProvider" enabled="true"

cacheRolesInCookie="true" cookieName=".BLOGENGINEROLES">

     <providers>

       <clear />

       <add name="MSSQLRoleProvider"

             type="System.Web.Security.SqlRoleProvider"

             connectionStringName="BlogEngine"

             applicationName="BlogEngine.NET" />

     </providers>

   </roleManager>

Coordinator
May 27, 2011 at 8:02 AM

Which version of BE?  Are you using the standard web.config file that is included with BE?  You may have made some changes to connection strings, etc, but any changes other than that?

By default, session state is disabled in the web.config file.  BE doesn't use it .... it's just using standard forms authentication.  Even if the server restarts, etc and all session is lost, just having that forms authentication cookie is enough to be recognized and not have to login again.

By default the forms authentication cookie is a non-persistent cookie, so if you close your browser, then you'll be logged off (the cookie gets cleared).  So basically the server can be restarted several times, etc, and you should still be logged in.  But if you close your browser once, then you will be logged off.

One possible exception though if you're using the latest versions of BE (the ones with multiple blog support), is that the "cacheRolesInCookie" attribute in <roleManager> has been removed.  In your <roleManager> code above, you have "cacheRolesInCookie" set to "true".  You might want to try setting that to false to see if you start seeing the same behavior where you are getting logged out after 5 to 10 minutes.