• Login
  • Register

DNN Blogs

Written for the Community, by the Community

DNN Details 001: Remember Login Checkbox and Staying Logged in Longer

Written By Jeremy Farrance
2019-07-23

DNN's login control is stalwart and works well. It has aged though and conversations were started recently (again) to get things modernized. Read the GitHub issue here; RFC: Mobile Friendly Login... 

But today you need to know how to stay logged in longer. This is functionality you can expect to survive regardless of the future UI changes because it is tied deep down below to .NET's personalization and membership features. Did you know DNN has simple and logical login persistence options? Via 2 settings, users can choose to stay logged in for a) the default amount of time or b) longer; simply by clicking the checkbox, Remember Login. By default, when it is not setup, the Remember Login checkbox doesn't do anything. Since it is also usually visible by default**, and therefore doesn't appear to work, so most people ignore it, or style it hidden, or turn it off. They usually learn about the default timeout of 60 minutes and move on. 

Obligatory backup warning: this is meant for technically savvy users. You are messing with web.config which is serious business. One typo (syntax error) and your DNN site will be down and the error you see will not be very helpful (unless you are on the server the site is running from, and even then, but I digress). Make a copy of web.config so you can put it back if something goes wrong. 

So let's keep this simple. 

In the root of your DNN site, Edit web.config and update the following nodes to whatever value you require. The appropriate fields are identified below in bold - all values are in minutes (i.e. 14 days is 14 * 24 hours * 60 minutes = 20160 minutes). 

The following sets a) a default 2 hour session expiration and allows for b) a Remember Me option of 2 weeks via your cookie (unless you logout). 

Under <system.web>, then in <authentication … />   

    <forms name=".DOTNETNUKE" protection="All" timeout="120" cookieless="UseCookies" /> 

In <appSettings> 

    <add key="PersistentCookieTimeout" value="20160" />  

In English, stay logged in to the site: 

  • by default (with Remember un-checked) = 2 hours 
  • with Remember Login checked = 14 days 

Though obvious to most, it might be worth pointing out that it is 2 hours of inactivity. The persistence is "sliding." Even with a 2 hour default, you could stay logged in all day as long as you keep working and avoid doing nothing for 2 hours straight.

Why 2 hours? Why 14 days? These are just examples. When we work on a DNN site for a client, during construction we like to have the Remember Login checkbox option turned on and visible, set the default to 2 hours and the persistent duration to 4 days. This way with the option checked, your login will even survive a weekend. 

The durations you choose should balance the users and usage against the real or perceived security concerns. But that is a much bigger topic for someone else's deep thinking article. Cheers! 

Sort-of-originally published here.

** if you are wondering where this settings is, in DNN 9.x go to Settings, Security, and on the More tab, then the MORE SECURITY SETTINGS (sub)tab and you will see, "Enable Remember Me on Login Control."

Total: 2 Comment(s)
Good stuff! I have to look this up sometimes because I forget the default suggested values. Thanks for this blog post. Now I don't have to refer to the old wiki. :) https://www.dnnsoftware.com/wiki/persistentcookietimeout
Friday, July 26, 2019 ·
Yes. Thank you very much for this blog. I had been looking for this, and this is very helpful.
Tuesday, October 22, 2019 ·

Would you like to help us?

Awesome! Simply post in the forums using the link below and we'll get you started.

Get Involved