remember me login problem

[indyB]

I'm trying to implement a Remember Me checkbox on my login form that when checked, remembers the users login and password so next time they visit the site they don't have to log in. It doesn't work. Whether I visit another site then come back or close the browser and open a new one to go back to the site, the login page always comes up. Can anyone see where I've gone wrong here?

 

----------- Here's the VB code -------------

 

<%@ Page Language="VB" %>

 

<%@ import Namespace="System.Web.Security" %>

 

<%@ import Namespace="System.Data" %>

 

<%@ import Namespace="System.Data.SqlClient" %>

 

<script runat="server">

 

Sub Login_Click(Src as Object, E as EventArgs)

 

'store NRDS # in Session variable

 

Session.Contents("MAJOR_KEY") = MAJOR_KEY.Text

 

'establish ADO.Net connection

 

Dim strConn As String = ConfigurationSettings.AppSettings("ConnectionString")

 

'sql to get user info

 

Dim strSql as String = "SELECT USERNAME, PASSWORD FROM WHERE (USERNAME = '" + USERNAME.Text + "') AND (PASSWORD = '" + PASSWORD.Text + "')"

 

Dim objConn as New SqlConnection(strConn)

 

Dim objCommand as New SqlCommand(strSql, objConn)

 

Dim objDataReader as SqlDataReader

 

objConn.Open() 'open the connection

 

'open the DataReader to access data

 

objDataReader = objCommand.ExecuteReader(CommandBehavior.CloseConnection)

 

If PASSWORD.Text="1234" then

 

response.write ("<font color=#FFFFFF>You must register and change your password to access the members area.</font>")

 

Else

 

If objDataReader.Read() = True Then 'USERNAME/PASSWORD match, verify again

 

If objDataReader("USERNAME") = USERNAME.Text And objDataReader("PASSWORD") = PASSWORD.Text Then

 

FormsAuthentication.RedirectFromLoginPage(USERNAME.Text, RememberMe.Checked) 'authenticate login, redirect to default page

 

Session.Contents("loginFail") = "N" 'this won't be used if successful login

 

Response.Redirect("members/default.aspx") 'send user to main page with their customized selections

 

Else

 

Session.Contents("loginCount") += 1 'login failed increment counter

 

objDataReader.Close() 'clean up close datareader

 

objConn.Close() 'clean up close ado.net connection

 

Session.Contents("loginFail") = "Y" 'set variable for lockout page

 

Response.Redirect("index.aspx") 'redirect to login again

 

End If

 

Else

 

Session.Contents("loginFail") = "Y" 'set variable for lockout page

 

Response.Write("<font face=arial color=#FFFFFF>Invalid NRDS # or Password. Please Try again.</font>")

 

End If

 

End If

 

objDataReader.Close() 'clean up

 

objConn.Close()

 

End Sub

 

</script>

 

 

----------- Here's the form: ------------

 

<form id="frmLogin" name="frmLogin" runat="server">

 

<img height="100" src="images/header_sm.gif" width="300" />

 

<table width="295">

 

<tbody>

 

<tr>

 

<td class="title" colspan="2"> Member Login</td>

 

</tr>

 

<tr>

 

<td class="body" width="120"> <div align="left">NRDS

 

#: </div></td>

 

<td class="body" width="163"> <asp:textbox id="MAJOR_KEY" runat="server" TextMode="SingleLine"></asp:textbox>

 

</td>

 

</tr>

 

<tr>

 

<td> <div class="body" align="left">Password:

 

</div></td>

 

<td class="body"> <asp:textbox id="PASSWORD" runat="server" TextMode="Password"></asp:textbox>

 

</td>

 

</tr>

 

<tr>

 

<td colspan="2"> <font size="1">Remember

 

passwords are CASE sensitive</font> </td>

 

</tr>

 

<tr>

 

<td> <div class="body" align="left">Remember

 

Login: </div></td>

 

<td class="body"> <asp:checkbox id="RememberMe" runat="server"></asp:checkbox>

 

</td>

 

</tr>

 

<tr>

 

<td> <div align="right">

 

<asp:button id="Login" onclick="Login_Click" runat="server" Text="Login"></asp:button>

 

</div></td>

 

<td> <input style="DISPLAY: none" type="text" />

 

<input id="Reset1" type="reset" value="Reset" name="Reset1" runat="server" /></td>

 

</tr>

 

<tr>

 

<td colspan="2"> <p> You must <a class="navLink" href="register/reg.aspx">register</a>

 

in order to gain access to the members

 

section. </p>

 

<p> <a class="nav" href="register/reg.aspx">Register

 

Now</a> </p></td>

 

</tr>

 

</tbody>

 

</table>

 

<p><span class="legal"> This site requires</span>

 

<asp:HyperLink id="flash" runat="server" Target="_blank" NavigateUrl="http://www.macromedia.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash"></asp:HyperLink>

 

<span class="legal"><img src="images/get_flashplayer.gif" width="88" height="31" border="0" align="texttop"></span>

 

</p>

 

</form>

 

 

--------- And here are the key parts of my web.config file -----------

 

 

<authentication mode="Forms">

 

<forms name=".theDefault"

 

loginUrl="members/login.aspx"

 

path="/"

 

protection="All"

 

timeout="15" >

 

</forms>

 

</authentication>

 

 

 

<location path="members">

 

<system.web>

 

<authorization>

 

<deny users="?" />

 

</authorization>

 

</system.web>

 

</location>

[mr relaxo]

the session object stores variables in the web servers memory, which are destroyed when the session ends. You need to use cookies if you want to check if your user has logged in previously.

 

So if your user had checked the box requesting they would like to be logged in automatically next time they visit, you would create the cookie with their username and password else just use session variables.

 

info on cookies