dik mus
|
| Posted: 03/15/2005, 6:10 AM |
|
Hi,
My users need to login all the time (even in the same session). I thought the credentials should be saved in a user cooklie, but in my case this mechanism does not seem to work.
Any suggestions why?
|
|
|
 |
peterr
Posts: 5971
|
| Posted: 03/15/2005, 10:56 AM |
|
Could you please explain how did you save those credentials in a cookie, and how are you using them when users come back?
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
 |
|
dik mus
|
| Posted: 03/15/2005, 12:23 PM |
|
actually i did not do anything. I just used the standard procedure to implement security. I just assumed this would work with cookies, but i dont know how it is implemented. Everything works as expected, it is just that users have to log in over and over. I would expect that logging in once should be enough for at least a session.
|
|
|
|
peterr
Posts: 5971
|
| Posted: 03/15/2005, 12:45 PM |
|
The login is always required only once per session. No cookies are needed for this except special type of cookies known as "session cookies".
A session is usually set to expire after 10 minutes of inactivity on most servers (I think). Are your users redirected to the login page even if they are actively working and just trying to go from page to page?
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|
dik mus
|
| Posted: 03/17/2005, 6:54 AM |
|
My users need to go to different pages to do different database edditing tasks. They have to login before they can do the editing. Ater logging in they can go back to the same page without logging in again, but if they go to some other page, very often they have to login again. The new login is required long before the 10 minute session ending could happen.
The pages are in different directorys (but that should not make any difference does it.)
Also i have different security levels for different pages, but the users mentioned have access to all these pages, it is just that they have to give them again.
It seems that users are accidentally logged out, but i dont know how this happens, or where to look for it. Does it perhaps happen if i "remove all parameters"
|
|
|
|
peterr
Posts: 5971
|
| Posted: 03/17/2005, 10:00 AM |
|
AFAIK "remove all parameters" would not cause this. Unfortunately I don't know why or how this could happen as I never seen such a problem. However, if you are able to replicate this problem every time on some specific page then check if custom code on that page doesn't deal with sessions. I also recommend that you backup and delete your Common.asp, then re-generate it clean by republishing your project. You could also check with the product support for ideas.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|
Oper
Posts: 1195
|
| Posted: 03/17/2005, 10:10 AM |
|
if you close the broswer where you were using the IIS Session.
you will have to logon again.
To Acomplish a keep login enviroment, you will have to setup that, saving the UserID in a cookie (expired 1 day for security)
and later retreive the userid in the cookie.
But you will have to doit, just a note it's a very simple Script.
But if your user dont close the old browser where they logged, they will stay logged until SESSION varibale Expire on IIS
_________________
____________________________
http://www.7bz.com (Free CMS,CRM Developed in CCS)
http://www.PremiumWebTemplate.com
Affiliation Web Site Templates
Please do backup first |
|
|
|
dik mus
|
| Posted: 03/23/2005, 11:03 AM |
|
I solved the problem, but stil dont exactly understand what went wrong.
I hope this information could be usefull for someone reading the post, or maybe someone can explain what exactly is the problem.
What happend?
I made a includable page that contains a menu with links.
I include this page in all my other pages (that are also in different folders)
Now some links did not work correctly because the links were given relative to the folder the menu was in, and not the folder the page was in. I solved this problem by giving the whole link (http://....) instead of a relative link (../...). This indeed solved that problem.
But now if i click on one of these links, my login credentials are lost. The program seems to think i start a new session or something.
Thanks dik, (using IE6.0, .NET, sql)
|
|
|
|
peterr
Posts: 5971
|
| Posted: 03/23/2005, 1:29 PM |
|
The link control has "Convert URL To" property where you can specify that you want to convert a relative link to absolute. I think that this was implemented specifically for situations like you described.
I'm not sure if that will solve the problem, but possibly you'd like to try this.
However, this issue may be .NET specific as I don't remember seing such issue with ASP or PHP. Thus if the above doesn't solve the problem with login lost login credentials then you may try posting to .NET forums, or check if product support may have some ideas on solving this.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|
|
