Maintain Session or Cookie for 30-days on a web farm with SQL Server state management
I'm stuggling to understand how to get something that seems pretty simple, to actually work.
I'm using session state management in SQL server and I want to allow users on a website to only log in every 30-days. During the 30-days I want the user to hit the page and it to automatically log them in. What are my options?
I thought I had it setup to work like this but it is not working as I expected it would in IE. But it is working fine in Firefox. In Firefox the user comes right back in without loging in again. Maybe FF is doing something here itself and IE is not.
When a user logs in and then closes their browser and opens it again, they should pull the same session as before from SQL Server. That was my original thought. How can I connect back up to that same session? But now I am thinking that I cannot. We want it to work sort of like yahoo.com's email where you only have to log in evern 30-days.
I am not doing anything like saving a cookie (well .Net is but not one that I am using here). But I am not creating a cookie and reloading it. I have started to add the code to save a cookie and then reload it because I was not connecting back to the session in SQL Server. Is that the correct approach? Do I need to do the cookie or does SQL Server and .Net have a way to automatically handle this sort of thing if I set the timeout to 30-days?
Now what I am trying to do is create a cookie with the user id. Then when the browser is closed and then opened again, pull the id, reload the user, etc. It's not the same session per say, but the user will not notice if they are automatically logged in. If I can just get their login to automatically work for 30-days I am good. I do not need to maintain the same session in SQL server for 30-days like I was originally thinking. Maybe that is a poor approach anyway because my SQL server will get filled with lots of old sessions for 30-days. So it might be a bad idea to start with. So is the cookie the better approach?
But I am missing something here. Why does this work in Firefox without setting up anything to do this?
In IE if I create a cookie and save it, then close and open the browser and come back in, the cookie is there but empty. Could IE be doing this to me? Is there something I can do to make it survive session? I thought that was the whole point. But the cookie is always empty when I load it agian. What about using a formauthentication cookie? Would that get around this?
What is the correct way to aproach this and give the user a 30-day login even when they close the browser for a web app that runs in a farm with SQL server state management?
Any ideas, thoughts, suggestions, references, etc. are much appreicated.
Last edited by jrothlander; 03-02-2012 at 5:02 PM.