This is driving me crazy. I am trying to set up my website, and it keeps kicking me out. I go through, write all this copy, then click "save" and it brings me to the sign in screen. Please tell me how to make this stop. I have wasted hours re-doing things. HELP!!!!!!!!!!!!!
You more than likely need to add a machineKey setting to the web.config, as afscrombe mentioned. If no machineKey is set at the server level, ASP.NET will periodically generate a new random one. The authentication cookie is encrypted against it, so when the machine key changes, it invalidates all existing login cookies.
CS used to have one set by default, but that rose a security concern that people weren't changing it, so it could prove a potential vulnerability where someone could fake a cookie and then log in as someone on a site. Now, CS doesn't specify one by default, though some of the installers will auto-generate one, so it just depends on how you installed it. IE, if you created the DB manually, no installer was ever run to add one, or if you did an upgrade, you likely had updated the web.config file, so the one that was generated is no longer in there.
In the end, adding one will resolve it.
I would be willing to bet its a issue with Internet explorer.
Can you confirm you are running IE?
The guys at Aquest Hosting are the best in the industry. Sign up today and tell them referal code 1075 sent you!
Yes, I am. Here's the thing, though. I don't ever get logged out of communityserver.org, and it's within the same browser. Is this problem only for admin level? Thanks,Shane
Have you made any changes to the web.config? Especially in the area of timeout settings.
WGB Enterprises (Consulting Services) openSourceC.orgWGB Photography
Not intentionally - I'm not sure what that is. I was actually looking for a timeout in the control panel and haven't found it. The problem is not consistent, though. Usually it's about 10 minutes, maybe more. Today it was literally less than a minute. I couldn't do anything and finish what I was doing.
Well, the default settings never timeout your current session and if you checked the Remember Me box at login your authentication persists across browser sessions a well. There are only 2 ways to log out, clicking on Sign out or deleting your cookie. Do you have any anti-cookie software running?
There is one other thing that can give you the appearance of logging out. Cookies are case sensative and extremely touchy. If the URL changes case, your browser will not send its cookie. Check to make sure that the URL of your site is not changing in any way. If you site is at the root, make sure that the Fully Qualified Domain Name is not changing (i.e. www.mysite.com is not the same as mysite.com, nor is WWW.mysite.com the same). If you placed it in a virtual folder under the root, you need to ensure that this virtual folder name never changes case either.
Have you set your machine key in the web.config file. IF for some reason the server is restarting your website, then when the website starts up it will generate a new encryption key for the cookie, and so CS will no longer be able to decrypt your cookie correctly.
Use a generator such as http://www.aspnetresources.com/tools/keycreator.aspx to create the encryption and decryption keys for you, and then paste in the element provided just below teh first <system.web> entry in your web.config and save the file and upload it back to your site. Does that fix your problems?
CS Documentation - now available in downloadable PDF form
My CS Site
Thanks for all the replies.Bill, I don't think it is a capital's issue, as I saved it as a bookmark and go back that way. Also, my wife is having the same problem on her computer.
afscrome - you are clearly more technical than me. I'm not comfortable changing things like that for fear that I will take down my website, nor would I even know where to find the web.config file. I'm sure I can find it, if there's a step-by-step explanation or something. Are there any tutorials anwhere?
Shane
How did you install your CS site. You either uploaded the files to the server via FTP, or you used the windows installer to install them onto the server. If you uploaded your files via FTP, you'll find the web.config file in at the location you uploaded the files to. If you used the Windows Installer, then it'll likely be at someting like c:\program files\Telligent\community server 2007\web.
As for being scared about mucking up, as long as you make a copy of the web.config file before you edit it, if something goes wront just reinstate the copy you made and everything should work.
Once you've found the web.config file, what you need to do is simple
I followed these instructions and it seems to have cured the issue. Thank you!
I didn't know that you guys had removed it.
I understand the reason for leaving it out, but it really needs to be there to prevent this from happening and sort of gives you a black eye. For the installation packages that currently do no have one, and for which there is no code to generate one during installation, I think it would be prudent to put in a dummy one and put a very prominent:
WARNING: YOU NEED TO CHANGE THE MACHINE KEY IN YOUR WEB.CONFIG TO PREVENT SOME ONE FROM EASILY HACKING INTO YOUR SYSTEM!!!
Go to http://.....yada yada yada.....
I think that might work.
I know. I made my case to Scott and he said no. I don't think he agrees that it is an issue.
Instead of putting a dummy Machine Key, maybe you could have the Web Installer generate a random machine key at the end and try to update it automaticaly like you do with connectionstrings.config, or if that fails say "append this to your web.config file, just below the first <system.web> element". You coud also update the windows installer to do this automatically. This leave out the SDk but people using the SDK should be able to work out the machine key issue fairly easily.
If that can't be done, then it may be a good idea to at least update the Install instructions and add a final step "Generate Machine Key"