Authentication/Session cookie deleting after browser close

Question

What are the exact steps required for a cookie to persist after a browser is closed? At the moment I have:

1. createPersistentCookie set to tru

Answer 1

So I found the solution, eventually. As it turns out, it wasn't the problem with the authentication cookie as such (it was retained correctly, or rather would have been if the handler didn't remove it, having incorrectly decided that a user wasn't logged in based on the missing session). The problem was that the Session cookie was lost, or wasn't identified properly. So the fix was to manually add a session cookie during log on like so:

HttpCookie authCookie = new HttpCookie("ASP.NET_SessionId", Session.SessionID);
authCookie.Domain = ".mydomain.com";
authCookie.Expires = DateTime.Now.AddMonths(1);
Response.Cookies.Add(authCookie);

Now when the browsers opens again the session is identified properly and user session restored.

Answer 2

A persistent forms authentication cookie should not be discarded when the browser closes. It stays valid for the timeout value defined in the web.config.

However, some browsers can be configured to discard all cookies at the end of a session - you may want to check the settings of your browser (FireFox: Tools - options - privacy).