I noticed a pattern to the seemingly spurious logging out and having to log in again:
- Log in on live or if you are already logged in. Fine.
- Log in on your development machine. (Oh that's weird, I thought I was logged in... but okay maybe I wasn't). Fine.
- Refresh your page on the live site and I need to login again.
Why won't my cookie persist?! Why am I being logged out?This has started happening since the recent ASP.NET security fix was put on our servers. Apparently it is something to do with changing the necessary authentication cookie. I guess in case you were already exploited before the security fix went out. Anyway, if you are swapping between non-patched development servers and patched production servers you're cookie will NOT persist and you will be asked to log in again if authentication or authorization is demanded by your page.
- Install the patch on all servers as per the ASP.NET team's advice
- OR be content with the fact that your customers won't have the problem. (Unless you have both patched and non-patched servers in your web farm)