DotNetNuke > Development > Forge > Module - Reports - Changes to persistent cookies in asp.net 2.0

DOWNLOAD

FORUMS

BLOGS

FORGE

HELP

MARKETPLACE

You are here > > >

Project Release Tracking

Roadmap

DotNetNuke Downloads

DotNetNuke Downloads Library

Quick Links

Project Home

Project Discussion

Project Downloads

Issue / Enhancement Log

Get Involved with DNN!

Project Blogs [Andrew]

Andrew Nurse
( Team Leader )

The DotNetNuke Forge Projects are a special category of Forge extensions developed by team members to conform to the high professional standards mandated by DotNetNuke Corporation. The DotNetNuke Forge Projects are distributed as a standard part of the DotNetNuke application.

Module :: Announcements

Module :: Blog

Module :: Chat

Module :: Contacts

Module :: Documents

Module :: Events

Module :: FAQ

Module :: Feedback

Module :: Form and List

Module :: Forum

Module :: Gallery

Module :: Help

Module :: IFrame

Module :: Links

Module :: Map

Module :: Media

Module :: News

Module :: Reports

Module :: Repository

Module :: Store

Module :: Survey

Module :: Users Online

Module :: Wiki

Module :: XML

Provider :: Authentication

Provider :: FCKeditor™

Component :: Client API

Component :: WebControls

Group :: Localization

Group :: Skinning

DotNetNuke® Project :: Reports Module

The Reports module provides a simple, but flexible, view on data from your DotNetNuke Database. SuperUsers (aka "Host" users) can develop Reports by building a SQL Query and visualizing it with one of the Visualizers built-in to the module or a 3rd-party Visualizer.

How can you use the Reports Module?

Display a table of custom data from your Database
Display a list of Users in a specific Role
Display advanced queries that pull data from multiple tables
Display a chart of the number of users in each role
Display a report from SQL Reporting Services (EXPERIMENTAL)

Features: What can the Reports Module do now?

Display the results from any SQL Query in one of many ways:
- a Grid
- a Chart
- an HTML-based template
- an XSLT-based transformation
- or anything else you want with the extensible Visualizer framework
Display reports from SQL Reporting Services
Import/Export Report Definitions through standard Import/Export Content

Roadmap: What are the future plans for the Reports Module?

Full support for the ASP.Net ReportViewer Control and SQL Server Reporting Services
Custom Parameters such as @PortalID, @TabID, @UserID that are filled in when the query is run
Custom Data Sources to enable the module to display reports containing data from:
- Your DNN Data Provider
- Other SQL-based Databases
- XML Data
- UDT Module Data
Allow SuperUsers to predefine a set of Reports that Admins can use (at this time, only SuperUsers can create Reports)

The project can be downloaded here

View_Blog

Changes to persistent cookies in asp.net 2.0

Nov 8

Posted by: cathal connolly
Tuesday, November 08, 2005 5:00:00 AM

In ASP.NET 1.1 persistent cookies are created via FormsAuthentication.SetAuthCookie, which doesn't have a setting to specify how long before the cookie expires. The cookie is actually created with a rather optimistic (and frankly insecure) 50 year expiration date.

This has been changed in asp.net 2.0, and now persistent cookies take their lifetime from the timeout value in the <forms> node in the web.config. As this value is set to 60 in the default dotnetnuke web.config, this is the value that will be used to determine how long a persistent cookie lasts for (note: the default value for forms authentication is 30 minutes if it's not specified).

Whilst this change has been welcomed by security consultants, it's not been widely documented (the change only happend during the RTM release of the 2.0 framework), and may not be the behaviour you desire on your websites, so you may want to extend the timeout to suit your users.

Trackback Print

Location: Blogs

Cathal Connolly

Core :: Security

Tags:

20 comment(s) so far...

Re: Changes to persistent cookies in asp.net 2.0

I would prefer that the site initiate content based on the user's cookie. Even logging in automatically would be great. I have seen this on a couple of sites but have no idea how to do it in DNN

By Jewelsmith on Saturday, March 25, 2006 7:50:07 PM

Re: Changes to persistent cookies in asp.net 2.0

1) This value has what units: minutes, days or what?!
2) Is this FormsAuthentication.SetAuthCookie set for each portal, or for the host or what other levels of granularity are possible?
3) Are these FormsAuthentication.SetAuthCookie values easily edited? Are they exposed through a portal/host setting?!

Thanks!

By VashJuan on Saturday, May 27, 2006 5:38:21 PM

Re: Changes to persistent cookies in asp.net 2.0

1. it's minutes
2. it's set in the web.config file so it applies to every site running under that, though you can add an alternative web.config into each virtual application that will apply to that site.
3.yes, just alter the web.config setting. No, it can't be altered via the host/portal settings, as it's an asp.net setting, not DNN

By cathal on Saturday, May 27, 2006 5:51:03 PM

Re: Changes to persistent cookies in asp.net 2.0

This is not just poorly documented - it's incorrectly documented. The documentation in MSDN still says that persistent cookies don't time out!
Grrrrr.

By DrewTheRat on Thursday, June 08, 2006 3:16:08 PM

Re: Changes to persistent cookies in asp.net 2.0

"slidingExpiration" is false in 2.0 too it looks like, so you might want to turn this back on unless you have specific security requirements. I don't think DNN "reissues" the cookie...

By PortVista on Friday, August 11, 2006 10:34:41 AM

Re: Changes to persistent cookies in asp.net 2.0

None of this is working for me with DNN 4.3.4.

Anyone have any other ideas on how to stay logged in?

By Bluefrog on Thursday, September 07, 2006 8:21:50 PM

Re: Changes to persistent cookies in asp.net 2.0

Does anyone have a working sample? I'm having trouble staying logged in to DNN 4.3.4 as well and a few suggestions pointed me here. Thanks!

By rlmart on Monday, November 13, 2006 12:44:04 AM

Re: Changes to persistent cookies in asp.net 2.0

So to re-ask Bluefrog's question, can this even work in 4.3.4?

Thanks for any help.

By herchenx on Monday, November 13, 2006 12:44:17 AM

Re: Changes to persistent cookies in asp.net 2.0

just set your forms authentication timeout to your desired value e.g. this sets it to 24 hours

By cathal on Monday, November 13, 2006 12:46:56 AM

Re: Changes to persistent cookies in asp.net 2.0

I just tried cathal's recommendation and it works fine so far. Based on my understanding if I want the user "Remember Me" to function for 45 days I would us the value 64800 (60 min X 24 hour X 45 days). Is this correct?

By BOSSupport on Wednesday, November 29, 2006 11:59:49 PM

Re: Changes to persistent cookies in asp.net 2.0

yes, that's correct. FYI, i'm working on an enhancement to seperate the temporary and permanent cookie timeouts, i don't think I have the time to finish it for 4.4, but it should make the release after that.

By cathal on Thursday, November 30, 2006 12:02:31 AM

Re: Changes to persistent cookies in asp.net 2.0

Cathal, do you have an update on this? This seems like a pretty major issue and has a definite impact on my ability to meet one of my clients requirements.

By davido on Friday, December 15, 2006 9:26:24 PM

Re: Changes to persistent cookies in asp.net 2.0

i did check in the enhancement for this, but it's failing to work as it should. I have still to track down the issue, but it will be in a future release. For now, you can use the forms timeout to work around the limitation.

By cathal on Friday, December 15, 2006 9:27:42 PM

Re: Changes to persistent cookies in asp.net 2.0

I did as suggested above and edited my web.config file to:

When I log in, I check the box to remember Login but upon logging out and returning to the login, it remembers the username only, not the password. Is this how it is supposed to work or am I missing something. I was hoping it would remember the password as well, like it happens on most other sites.

I am running v. 4.3.5 with SQL Server 2005

Thanks in advance for any comments

By Tigris7 on Tuesday, January 23, 2007 5:34:07 PM

Re: Password not valid who contain - like email-adresse@coldmail.com

Re:
Password not valid who contain - like email-adresse@coldmail.com
and i look for solution ?
McBerman

By mcberman on Wednesday, February 21, 2007 4:10:29 PM

Re: Changes to persistent cookies in asp.net 2.0

I have a question: I setup DNN3.3.7 and DNN4.4.1 on my computer, after logged in DNN3, I logged in DNN4 and see that DNN3 auto logged out. Please help me, thnx.

By ddphuoc on Sunday, March 11, 2007 4:42:45 AM

Re: Changes to persistent cookies in asp.net 2.0

This is what I have in web.config file as far as cookies are concerned, and it's not remembering the usernames when the "Remember Login" checkbox is selected. I have DNN4.4.1 on this particular one that I need that functionality. Am I missing something?

enabled="true"
cookieName=".ASPXANONYMOUS"
cookieTimeout="100000"
cookiePath="/"
cookieRequireSSL="false"
cookieSlidingExpiration="true"
cookieProtection="None"
domain=""
/>

Thanks,

Waldis

By waldis on Monday, April 09, 2007 9:51:53 PM

Re: Changes to persistent cookies in asp.net 2.0

this does not work in version 4.9.4 of dnn.

Does anybody know a solution?

By nneves on Monday, October 19, 2009 5:55:33 PM

Re: Changes to persistent cookies in asp.net 2.0

this does not work in version 4.9.4 of dnn.

Does anybody know a solution?

By nneves on Monday, October 19, 2009 5:55:00 PM

Re: Changes to persistent cookies in asp.net 2.0

@nneves. i've tested and this does work in 4.9.4, please post you issue in the forums to get further help

By nneves on Monday, October 19, 2009 5:55:09 PM

Team Leadership

Team Members

DotNetNuke Forge Projects

DotNetNuke® Project :: Reports Module

View_Blog

Changes to persistent cookies in asp.net 2.0

Sponsors