Deliver Awesome UI with the most complete toolboxes for .NET, Web and Mobile development
Automate UI, load and performance testing for web, desktop and mobile
A complete cloud platform for an app or your entire digital business
Detect and predict anomalies by automating machine learning to achieve higher asset uptime and maximized yield
Automate decision processes with a no-code business rules engine
Optimize data integration with high-performance connectivity
Connect to any cloud or on-premises data source using a standard interface
Build engaging multi-channel web and digital experiences with intuitive web content management
Personalize and optimize the customer experience across digital touchpoints
Build, protect and deploy apps across any platform and mobile device
Rapidly develop, manage and deploy business apps, delivered as SaaS in the cloud
Thank you for contacting us.
I checked the log in form and indeed the "Remember me" functionality has an issue. I have logged a bug internally and it will be fixed for the next releases with higher priority because it is a regression.
Remembering your user name and password in the input fields is browser functionality and we can't do anything there. Please check your browser settings if it has enabled functionality for saving form data.
What version of Sitefinity is the fix in? I am on Sitefinity 7.0.5100.0 Enterprise Edition.
I am seeing the exact same behavior whether or not the Remember Me checkbox is checked. If AuthCookieIsPersistent is checked, then I am not logged out even if I close my browser and re-open it. If AuthCookieIsPersistent is not checked, then if I close my browser, I am always logged out.
Is there some other setting I'm missing?
Also, I looked at www.sitefinity.com/.../sitefinity-authentication-expiration but I'm still not clear on what the expected behavior is if the user checks the checkbox. Can you explain what behavior I should be seeing if the checkbox is checked?
Here's some more information I discovered while investigating this.
I check "Remember me on this computer" and log in, one cookie is
created that is not created when I do not check the checkbox. It is .ASPXAUTH. So it does appear that the checkbox does something. However, the frontend does not seem to respect it.
In addition, here's a weird scenario that I discovered:
1. I check the "Remember me on this computer" checkbox and log in.
2. I restart my browser.
I visit a frontend page that has the permission setting "Denied Users:
Anonymous". I am redirected to the login page and it appears that I am
not logged in. I do not log in.
4. I visit the Sitefinity backend which shows that I am logged in.
5. I visit a frontend page again and now I am logged in!
This seems like a bug.
I got confirmation from Support that this is a bug. Here's the Feedback portal item tracking it: feedback.telerik.com/.../142653-remember-me-checkbox-on-the-frontend-login-widget-do-not-shows-the-user-as-logged
The only workarounds I can think of for now is to hide the "Remember me on this computer" checkbox since it doesn't do anything. Then I can either set "AuthCookieIsPersistent" to true (which means all logins will persist through a browser restart) or set it to false (which means no login will persist across a browser restart).
I think setting AuthCookieIsPersistent to true is not going to work for me because we do not want our clients' customers to close the browser while still logged in and then someone can open the browser behind them and discover the customer is still logged in.
Hi Bo - just FYI they were able to reproduce the issue finally and have escalated the bug. The workaround for now is to use the persistent cookies. Basically if you have your frontend login page set to anything then remember me doesn't really work - it will always send you to login:
From tech: "I have made some
additional tests on my end. I have also consulted with the colleague that has
logged this bug. I was able to reproduce the problem only in one specific
scenario. This problem can be reproduced only if FrontEndLoginPageUrl is set from Adminstration-> Settings ->
Advanced -> Project -> DefaultSite. In this scenario the user
will be always redirected to the page where login widget is placed. Please accept my sincere apologies for the inconvenience."