Maintain user session until they log out

how can i do this?

At the moment a user’s session is lost whenever they close the browser, but sites like facebook have a ‘keep me logged in’ option.

How does this work exactly and are there any well known ways to do this in .net?

i understand part of the way it works is that they store the username in a cookie.

You should not rely on Sessions alone. You can increase the session time out in the web.config and make it the same as the cookie time out.

But your code should never call Session[“”] unless u absolutely have to. I always go through a helper class that checks the sessions and updates it via the cookie if need be. But best is to stay away from sessions as much as possible IMHO

even if i increase the session timeout, when the user closes and reopens the browser, they have to login again because the previous session doesnt exist. (asp.net session cookies are not persistent)

what’s the best way to maintain a session?

asp.net cookies are persistant if you make them persistant:


FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddMonths(1), true, username, FormsAuthentication.FormsCookiePath);
            string encrTicket = FormsAuthentication.Encrypt(authTicket);
            HttpCookie c = new HttpCookie(FormsAuthentication.FormsCookieName, encrTicket);
            Response.Cookies.Add(c);

            FormsAuthentication.SetAuthCookie(username, true);

Forms auth cookie != session cookie.

Anyhow, the proper answer is to use the User Profile capabilities if you need a simple solution. Or roll your own profile provider if you need a more complex solution.