I need help figuring out why my authentication ticket is expiring after about an hour on my hosted website. But if I run the site locally the authentication ticket stays alive for the correct amount of time.
This is my localhost web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="20160" slidingExpiration="true" path="/" />
</authentication>
and this is my hosted web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="20160" slidingExpiration="true" domain=".mywebsite.com" path="/" />
</authentication>
I know the authentication ticket is being created because:
- I can see it in the browser cookies
- I stay logged in even after closing the browser and reopening
- I stay logged in even after website recycles (changing and saving web.config to recycle it)
When I check the cookie expiration date in the browser it’s 2 weeks later. However, after about an hour my authentication always expires.
What can I do to figure out why the hosted website’s authentication is expiring so early?
I don’t know how to go about resolving this problem since it’s my hosted website that is the only one having problems.
Update 1: After waiting 1 hour, I check my browser and I see the cookie still exists. In fact it’s expiration date is set for 2 weeks later. But if I reload the page or try going to any pages that requires authentication I am taken to the login page.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
I added a machinekey entry in system.net. Something like this:
<machineKey validationKey="aaa"
decryptionKey="bbb" validation="SHA1" />
and now it keeps the user logged in. However, now it seems like I am having performance issues. The page used to take roughly 500ms to load now takes about double that time.
Method 2
I would try several things in troubleshooting this:
- IIS version & settings between your localhost & hosting. Most likely there are some differences in application pool setting
- In IIS 7, there is a special setting for this: read here
Method 3
Have you asked your hosting provider if the machine.config has this set to a diferent value? Settings on machine.config will override the web.config.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0