IE Stored Passwords Disappear After A Few Hours

[Elroyskimms]

I've posted this question a couple of times before, but everytime
someone tries to help, it seems they completely misunderstand the
problem I am having and offer a solution to a different problem.

I have a web site written entirely in ASP.Net. There is a login page,
which has 2 text boxes... one for e-mail address and the other for
password. When I enter the e-mail address and password and login, IE
asks if I want to save the password. I click Yes, and continue to use
the site. If I log off and return to the login page using the same
e-mail address as before, the password is retreived by IE and
everything works as I think it should.

However, after a couple of hours or a reboot, if I return to the login
page and use the same e-mail address as before, the password is not
retrieved by IE. I have to enter it in again. IE prompts me to save the
password, I say yes, and everything works as expected for a few hours.
I do not know why the password is retrieved, but only for a couple of
hours. I appreciate any help that can be offered for this. Thanks!

-Elroyskimms

 

[Hans Kesting]

I've posted this question a couple of times before, but everytime
someone tries to help, it seems they completely misunderstand the
problem I am having and offer a solution to a different problem.

I have a web site written entirely in ASP.Net. There is a login page,
which has 2 text boxes... one for e-mail address and the other for
password. When I enter the e-mail address and password and login, IE
asks if I want to save the password. I click Yes, and continue to use
the site. If I log off and return to the login page using the same
e-mail address as before, the password is retreived by IE and
everything works as I think it should.

However, after a couple of hours or a reboot, if I return to the login
page and use the same e-mail address as before, the password is not
retrieved by IE. I have to enter it in again. IE prompts me to save the
password, I say yes, and everything works as expected for a few hours.
I do not know why the password is retrieved, but only for a couple of
hours. I appreciate any help that can be offered for this. Thanks!

-Elroyskimms

I don't think this has anything to do with asp.net. It's an IE
feature (or maybe bug), so maybe you should ask in an IE group?
I think it should happen with other sites as well, is that correct?

 

[Elroyskimms]

The problem only exists in login pages that I make. All other IE stored
passwords are retreived as expected. I've made several login pages,
some using cookies to retreive the username/e-mail and others where
nothing is stored on the local machine. This problem exists on all of
them, which tells me that I am doing something wrong.

-Elroyskimms

 

[Elroyskimms]

At first glance I assumed it was related to the Viewstate control that
is placed on each page, but I've been tracking the viewstate value
everytime I log in and logging whether or not the password was
retrieved... and I can't find any sort of a pattern here.
You'll find the PageLoad and Submit_Clicked functions below:

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
If Not Page.IsPostBack Then
If Not Request.Cookies("Action") Is Nothing Then
If Request.Cookies("Action").Value.ToUpper = "LOGOUT"
Then
If Not Request.Cookies("SessionID") Is Nothing Then

local.Logout(Request.Cookies("SessionID").Value)
Response.Cookies("SessionID").Expires =
DateTime.Now.AddYears(-30)
End If
lblError.Text = "You have been logged out"
End If
Response.Cookies("Action").Expires =
DateTime.Now.AddYears(-30)
End If
If Not Request.Cookies("Message") Is Nothing Then
If Request.Cookies("Message").Value.ToUpper = "TIMEOUT"
Then
If Not Request.Cookies("SessionID") Is Nothing Then
local.Logout(Request.Cookies("SessionID").Value)
Response.Cookies("SessionID").Expires =
DateTime.Now.AddYears(-30)
lblError.Text = "Your session has expired. Please
login again."
Else
lblError.Text = Request.Cookies("Message").Value
End If
Response.Cookies("Message").Expires =
DateTime.Now.AddYears(-30)
End If
End If
If Not Request.Cookies("Email") Is Nothing Then
txtEMail.Text = Request.Cookies("Email").Value
cbxRememberMe.Checked = True
End If
End Sub

Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e
As System.EventArgs) Handles btnLogin.Click
If cbxRememberMe.Checked Then
Response.Cookies("Email").Value = txtEMail.Text
Response.Cookies("Email").Expires =
DateTime.Now.AddDays(30)
Else
Response.Cookies("Email").Expires =
DateTime.Now.Subtract(TimeSpan.FromDays(365))
End If
Dim AccessReader As SqlDataReader =
qryGetContactIDByEmailANDPassword(txtEMail.Text,
local.EncodePassword(txtPassword.Text))
Dim SessionID As String = local.CreateSessionID(32)
Dim SessionReader As SqlDataReader =
qryGetSessionsBySessionID(SessionID)
Do While SessionReader.Read
SessionReader.Close()
SessionID = local.CreateSessionID(32)
SessionReader = qryGetSessionsBySessionID(SessionID)
Loop
SessionReader.Close()
If AccessReader.Read() Then
Response.Cookies.Set(New HttpCookie("SessionID",
SessionID))
Response.Cookies("SessionID").Expires =
DateTime.Now.AddDays(7)
insAddNewAccessSession(SessionID, AccessReader.GetInt16(0),
DateTime.Now, DateTime.Now)
AccessReader.Close()
Response.Redirect("AdminMenu.aspx?Module=Incoming")
Else
lblError.Text = "<font size=2>Invalid E-Mail Address and/or
Password. Please try again</font>"
txtEMail.Text = ""
txtPassword.Text = ""
End If
AccessReader.Close()
End Sub