Remember me on this computer. What is it supposed to do?

11 posts, 0 answered
  1. Gregg
    20 posts
    Registered:
    22 Jan 2013
    19 Jun 2013
    I have tried logging into my Sitefinity web site with the Remember me on this computer checkbox checked and unchecked. Either way I still get the same cookies created on my browser. And if I shut down the browser and reopen it I am still logged in. The session timeout appears to be set by the Administration-Settings-Advanced-Security-AuthCookieTimeout regardless of whether the checkbox is checked or not. And when I log out and come back to the login screen the username field is not populated with the username.

    So what exactly is the point of the  Remember me on this computer checkbox? What is it supposed to do?
  2. Stoimen Stoimenov
    60 posts
    Registered:
    11 Jul 2016
    20 Jun 2013
    Hello,

     Thank you for contacting us.

    I checked the log in form and indeed the "Remember me" functionality has an issue. I have logged a bug internally and it will be fixed for the next releases with higher priority because it is a regression.

    Remembering your user name and password in the input fields is browser functionality and we can't do anything there. Please check your browser settings if it has enabled functionality for saving form data.

    Regards,
    Stoimen Stoimenov
    Telerik
  3. Susan
    8 posts
    Registered:
    23 Aug 2011
    16 Jul 2015
    I know this is an old thread but we are using a very recent version of Sitefinity and seeing this same behavior in Chrome.  Regardless of if the remember me is checked or not the user is remembered.  Then on other machines the user is never remembered.  Was this bug actually fixed?
  4. Velizar Bishurov
    143 posts
    Registered:
    09 Dec 2016
    21 Jul 2015
    Hello,

    Such an issue is no longer present in Sitefinity. Can you please check whether you have the option AuthCookieIsPersistent checked in Administration -> Settings -> Advanced -> Security? Furthermore, are you experiencing the same behavior on other browsers? Have you deleted your cookies and cache before attempting the tests?

    Furthermore you can check out this blog post about Sitefinity Authentication Expiration for further information on the topic.

    Regards,
    Velizar Bishurov
    Telerik
  5. Bo Chulindra
    35 posts
    Registered:
    17 Dec 2013
    23 Jul 2015

    What version of Sitefinity is the fix in? I am on Sitefinity 7.0.5100.0 Enterprise Edition.

    I am seeing the exact same behavior whether or not the Remember Me checkbox is checked. If AuthCookieIsPersistent is checked, then I am not logged out even if I close my browser and re-open it. If AuthCookieIsPersistent is not checked, then if I close my browser, I am always logged out.

    Is there some other setting I'm missing?

    Edit:

     Also, I looked at http://www.sitefinity.com/blogs/momchil-mitev%27s-blog/2014/04/07/sitefinity-authentication-expiration but I'm still not clear on what the expected behavior is if the user checks the checkbox. Can you explain what behavior I should be seeing if the checkbox is checked?

  6. Susan
    8 posts
    Registered:
    23 Aug 2011
    24 Jul 2015 in reply to Velizar Bishurov
    When the persistent is checked then like Bo you are never logged out no matter what.  I uncheck that in the backend and then remember me does nothing - I'm never remembered.  I have a support ticket open.
  7. Velizar Bishurov
    143 posts
    Registered:
    09 Dec 2016
    25 Jul 2015
    Hi,

    In general, when you click the "remember me" - i.e. the checkbox  is clicked you are to be remembered as long as your cookies are present (until you delete them). This means that you should remain logged in after browser restarts. If it is unchecked this means that the moment your session ends (either browser close or due to inactivity) your cookie is deleted and you are no longer logged in.

    There are settings in the backend that control this behavior and you can modify them to best suit your scenario. By going to Administration -> Settings -> Advanced -> Security you can see the settings "BackendUsersSessionTimeout" and "AuthCookieIsPersistent". The first controls how long the cookie will keep the person logged in the backend and the second makes the cookie persist through sessions regardless of the checkbox's state. However, it should be noted that Sitefinity has no control over how the browser manages cookies. This means that Sitefinity only tells the browser to set or unset a cookie. What the browser does after that is beyond Sitefinity's control. This is why before jumping to conclusions you should always test the behavior on different browsers and/or different machines.

    Furthermore, it has been noted that in some very rare cases the ISP has a very aggressive caching strategy and interferes with the cookie duration. This is why it is also recommended to test this on different networks as well.

    Regards,
    Velizar Bishurov
    Telerik
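
The persistent-versus-session distinction described in the reply above can be checked directly from the `Set-Cookie` headers of the login response. This is an added example, not part of the thread and not Sitefinity code: the header values are constructed, and inspecting `.ASPXAUTH` as the authentication cookie is an assumption.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample data (not captured from a real site).
NOW = datetime(2015, 7, 28, 12, 0, tzinfo=timezone.utc)
CHECKED = [".ASPXAUTH=constructed; expires=Tue, 28 Jul 2015 20:00:00 GMT; path=/; HttpOnly"]
UNCHECKED = [".ASPXAUTH=constructed; path=/; HttpOnly"]


def cookie_lifetime(set_cookie, now):
    """Return (name, seconds); seconds is None for a session cookie."""
    first, *attrs = [part.strip() for part in set_cookie.split(";")]
    name = first.split("=", 1)[0]
    max_age = expires = None
    for attr in attrs:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "max-age":
            max_age = int(val)
        elif key == "expires":
            expires = parsedate_to_datetime(val.strip())
    if max_age is not None:  # Max-Age takes precedence over Expires (RFC 6265)
        return name, max_age
    if expires is not None:
        return name, int((expires - now).total_seconds())
    return name, None  # no expiry: the browser should drop it on close


def survives_restart(headers, cookie_name, now):
    """True if any header sets cookie_name with an expiry in the future."""
    for header in headers:
        name, seconds = cookie_lifetime(header, now)
        if name == cookie_name and seconds is not None and seconds > 0:
            return True
    return False


def checkbox_verdict(checked, unchecked, cookie_name, now):
    """Compare a login with the box ticked against one without it."""
    with_box = survives_restart(checked, cookie_name, now)
    without_box = survives_restart(unchecked, cookie_name, now)
    if with_box and not without_box:
        return "checkbox controls persistence"
    if with_box == without_box:
        return "always persistent" if with_box else "never persistent"
    return "inverted"
```

A verdict of "always persistent" is what a login form would produce when persistence is forced for every login, the case the posters describe with AuthCookieIsPersistent checked.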
  8. Bo Chulindra
    35 posts
    Registered:
    17 Dec 2013
    28 Jul 2015 in reply to Velizar Bishurov

    Here's some more information I discovered while investigating this.

     When I check "Remember me on this computer" and log in, one cookie is created that is not created when I do not check the checkbox. It is .ASPXAUTH. So it does appear that the checkbox does something. However, the frontend does not seem to respect it.

    In addition, here's a weird scenario that I discovered:

    1. I check the "Remember me on this computer" checkbox and log in.
    2. I restart my browser.
    3. I visit a frontend page that has the permission setting "Denied Users: Anonymous". I am redirected to the login page and it appears that I am not logged in. I do not log in.
    4. I visit the Sitefinity backend which shows that I am logged in.
    5. I visit a frontend page again and now I am logged in!

    This seems like a bug.

  9. Bo Chulindra
    35 posts
    Registered:
    17 Dec 2013
    30 Jul 2015

    I got confirmation from Support that this is a bug. Here's the Feedback portal item tracking it: http://feedback.telerik.com/Project/153/Feedback/Details/142653-remember-me-checkbox-on-the-frontend-login-widget-do-not-shows-the-user-as-logged

    The only workaround I can think of for now is to hide the "Remember me on this computer" checkbox since it doesn't do anything.  Then I can either set "AuthCookieIsPersistent" to true (which means all logins will persist through a browser restart) or set it to false (which means no login will persist across a browser restart).

     I think setting AuthCookieIsPersistent to true is not going to work for me because we do not want our clients' customers to close the browser while still logged in and then someone can open the browser behind them and discover the customer is still logged in.

  10. Susan
    8 posts
    Registered:
    23 Aug 2011
    30 Jul 2015 in reply to Bo Chulindra
    I have voted for the bug.  My support incident is on-going and they had not recognized a bug.  I did turn the persistent on for now as well.  Thanks for getting involved in this one and sharing your findings.
  11. Susan
    8 posts
    Registered:
    23 Aug 2011
    03 Aug 2015

    Hi Bo - just FYI they were able to reproduce the issue finally and have escalated the bug.  The workaround for now is to use the persistent cookies.  Basically if you have your frontend login page set to anything then remember me doesn't really work - it will always send you to login:

      From tech: "I have made some additional tests on my end. I have also consulted with the colleague that has logged this bug. I was able to reproduce the problem only in one specific scenario. This problem can be reproduced only if FrontEndLoginPageUrl is set from Administration -> Settings -> Advanced -> Project -> DefaultSite. In this scenario the user will be always redirected to the page where login widget is placed.  Please accept my sincere apologies for the inconvenience."
