Login snippet "remember me" and "forgotten password"

huwred · April 24, 2025, 6:42am

Yes, I enabled remember me.

        [HttpPost]
        public async Task<IActionResult> HandleLoginAsync(LoginModel login)
        {
            if (ModelState.IsValid == false)
            {
                return CurrentUmbracoPage();
            }

            var validate = await _memberManager.ValidateCredentialsAsync(login.Username, login.Password);
            if (validate)
            {
                var result = await _memberSignInManager.PasswordSignInAsync(login.Username, login.Password, login.RememberMe, true);
                if (result.Succeeded)
                {
                    if (Url.IsLocalUrl(login.RedirectUrl))
                    {
                        return Redirect(login.RedirectUrl);
                    }

                    return RedirectToCurrentUmbracoPage();
                }

            }
            else
            {
                ModelState.AddModelError(string.Empty,_dictionaryService.GetOrCreateDictionaryValue("Forums.Error.InvalidCredentials","The username or password provided is incorrect.") );
            }
            // If there is a specified path to redirect to then use it.

            return CurrentUmbracoPage();
        }

This creates a 30 day cookie

huwred · April 24, 2025, 6:50am

In one of my other apps (non umbraco) I also have some code like this in my program.cs file

builder.Services.Configure<IdentityOptions>(builder.Configuration.GetSection(nameof(IdentityOptions)));
builder.Services.ConfigureApplicationCookie(options =>
{
    options.ExpireTimeSpan = TimeSpan.FromDays(30);
    options.SlidingExpiration = true;
    // Cookie settings
    options.Cookie.SameSite = SameSiteMode.Strict;
    options.Cookie.HttpOnly = true;


});

craigs100 · April 24, 2025, 8:00am

So I wonder why my code only produces a session cookie?

huwred · April 24, 2025, 11:26am

what exact version are you using? I will fire up a quick test site and have a check if it is different. (I was checking against 14.3.something

craigs100 · April 24, 2025, 11:38am

Using V13.8.0 now.

Thanks

huwred · April 24, 2025, 1:05pm

That should be fine as it was previously ok in 13 but will take a look this evening to check. I don’t believe I changed anything in Umbraco relating to that.

craigs100 · April 25, 2025, 6:11pm

Have now built out a whole Forgotten Password system which works fine. Thanks for all the hints.

However, the Remember Me cookie created is created as a Session cookie. Even though I have this in a composer:-

builder.Services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.Name = "UmbracoMemberAuth";
            options.LoginPath = "/login"; // optional, your login page
            options.LogoutPath = "/"; // optional
            options.ExpireTimeSpan = TimeSpan.FromDays(30); // Lifespan for RememberMe
            options.SlidingExpiration = true; // Optional: resets expiration time on activity
        });

It only appears after the 2FA completes. Is that a hint?