Remember Me not working after SP1 with February Cumulative Update
https://sharepoint.stackexchange.com//questions/36353
-
09-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
We recently upgraded our servers with SP1 and the Feb. cumulative update. Everything seemed to go well, but we are now noticing that our Remember Me functionality is not working properly. We are not using session cookies and our FormsTokenLifetime value is still set properly in the Security Token Service.
We are writing two cookies when users login (using FBA with a custom membership provider and claims) for cross domain authentication and both cookies have valid expiration dates when they are written. However, after a variable amount of time, the cookies disappear as if the user had clicked log out.
Sometimes this happens after 15 minutes, sometimes after a couple of hours. Closing the browser doesn't trigger this to happen and I've seen a user appear logged out when they come back to a tab that had the site open and were logged in when they left it.
I was wondering if anyone knew if anything in SP1 or the Feb. update could be the cause of our issue.
Solution
After a lot of debugging, I was able to figure out what was causing our issue.
For some reason, our app pool was recycling frequently throughout the day. Users who were actively working on the site were losing their cookies if they had checked Remember Me.
Some code we had in our custom chunked cookie handler was checking for the HttpContext.User property and since it was null (and we needed it to determine whether someone is staff or not), it was expiring the FedAuth cookie.
We were able to change the code to not rely on the HttpContext.User property and the persistent cookie now survives an app pool recycle.
What we are still unsure of is why our app pools were recycling so much. We don't have hard limits set. We set up some monitoring on them and, of course, it stopped happening.
