Exploring what the “Remember me” checkbox means on a login page powered by ASP.NET Forms Authentication

A colleague of mine recently asked me to check whether our login works correctly. His concern was that the application prompted him to log in even though he had logged in earlier that day with the “Remember me” checkbox checked. This surprised me, because our configuration had this statement:

Since I am not an original developer of the application I am currently working on, I was pretty sure this statement meant “Keep the user logged in for 12 hours”. I found out I was wrong, and in this post I will explore what this “Remember me” checkbox actually means.

Session timeout and Forms Authentication timeout are not related at all.

ASP.NET is designed so that information about the currently logged-in user is not stored in the session, as I had presumed. Instead, when the user logs in, ASP.NET creates a so-called forms authentication ticket. This ticket is a long string of characters with the user information encoded in it. The ticket is then returned to the browser with an instruction to set a cookie containing that ticket. To illustrate:

The next time the browser makes a request to the server, it sends the same cookie, with the ticket inside, back to the server, for example:

By processing the received ticket, the server knows which user sent the request.
As you have probably noticed, no session is involved in this browser-server communication. This is how ASP.NET is designed. See details here.

Hence, my configuration <sessionState timeout="720"></sessionState> has nothing to do with the login functionality of my application. It turned out that ticket expiration can also be configured, by adding the following statement to the configuration file: <forms timeout="720" />. Finally, my “timeout” configuration looks like this, and my user is not logged out for 12 hours:

The “Remember me” checkbox only helps the user’s authentication survive a browser restart.

So, now my user is not logged out every 30 minutes (this is the default forms timeout), but why do we need this “Remember me” checkbox? When the checkbox is checked, the server not only asks the browser to store its ticket, it also asks the browser to persist the ticket for a certain amount of time. For instance, look at this response when the checkbox is checked:

When the browser receives such a response from the server, it saves the cookie with the ticket to the file system, which makes it possible for the cookie to survive a browser restart and even an operating system restart. Read more about persistent cookies here.
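As an added illustration (not code or captures from the original post), this Python sketch classifies two constructed Set-Cookie header values the way a browser would: without an expiry attribute the ticket cookie is a session cookie, with one it is persistent. The `.ASPXAUTH` name is the Forms Authentication default; the ticket value, the dates and the function names are assumptions made for the example.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample header values; the ticket is a placeholder, not a real ticket.
SESSION_LOGIN = ".ASPXAUTH=TICKET-PLACEHOLDER; path=/; HttpOnly"
REMEMBER_ME_LOGIN = (".ASPXAUTH=TICKET-PLACEHOLDER; "
                     "expires=Tue, 02 Jan 2018 21:00:00 GMT; path=/; HttpOnly")
# Assumed login time, 12 hours (720 minutes) before the expiry above.
LOGIN_TIME = datetime(2018, 1, 2, 9, 0, 0, tzinfo=timezone.utc)


def parse_set_cookie(header):
    """Split a Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, value, attrs


def cookie_lifetime(header, received_at):
    """Return None for a session cookie, else the lifetime in seconds."""
    _, _, attrs = parse_set_cookie(header)
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        return int(attrs["max-age"])
    if "expires" in attrs:
        expires = parsedate_to_datetime(attrs["expires"])
        if expires.tzinfo is None:  # treat a zone-less date as UTC
            expires = expires.replace(tzinfo=timezone.utc)
        return int((expires - received_at).total_seconds())
    return None


def describe(header, received_at):
    """Summarize how long the browser will keep the cookie."""
    lifetime = cookie_lifetime(header, received_at)
    if lifetime is None:
        return "session cookie: dropped when the browser closes"
    return "persistent cookie: kept on disk for %.1f hours" % (lifetime / 3600)


if __name__ == "__main__":
    for sample in (SESSION_LOGIN, REMEMBER_ME_LOGIN):
        print(describe(sample, LOGIN_TIME))
```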


The programmable web

I spent many years at the university teaching students software engineering and writing my Ph.D. thesis. During that time, of course, I had to read a lot of books and papers. One interesting point got carved into my mind: for many years, all kinds of software researchers and practitioners were trying to invent components. It was, and still is, a way too overloaded term. Different software concepts were considered components, from classes and functions to DLLs, JAR files and other things specific to an operating system or some kind of framework. For example, Angular 2 has a concept of components today, and the web as a whole now has the concept of a web component.

The primary characteristic of any component has always been some kind of secret, and different kinds of components failed in different ways to hide their secrets and provide reusable abstractions. These days, however, we have another kind of component: a web service running somewhere. I am just amazed at how abstract it is. The only thing you have to know is the URL, the address of the resource you want to utilize in your application, and that’s basically it. Dave Thomas once mentioned in an interview that someone should have created the Intel of software components instead of tons of frameworks. Well, today’s frameworks are not that bad anymore. But we almost have the Intel of software components. The only difference is that this Intel is not a single company but a service through which you can select whatever component you want to use in your application.

I am talking about http://www.programmableweb.com/. It looks like a marketplace for software components. Recently I had to build an application which would ask users to record some video from whatever device, take and store these videos on the server, transcribe the videos, and store information about the videos as well as the transcriptions in some kind of storage. Sounds like a really big project? I was able to do it in approximately 2 weeks, including investigation and proofs of concept.

First, search for some kind of video recording, playback, and hosting service:

After a little bit of investigation, CameraTag and Ziggeo proved to be components which could be embedded in my web applications to record and play back videos, and which could also host these videos and provide fast access to them.

Great, now that I have my videos and access to them, I want to transcribe them. For this I just select the IBM Watson service (which, by the way, is a great one):


Next, glue these web services together and the application is ready, and of high quality, by the way.

To conclude, I would like to say that now is a really great time for developing software applications. Even a small team can build something complex and large by grabbing whatever complex component it wants and accessing it almost instantly. One can also build one’s own business around building such software components. The business model is pretty simple: people will pay you for the computing and storage resources you provide to them. IBM, in my example, earns money for its artificial intelligence algorithms, and Ziggeo/CameraTag earn their money for capturing, storing and playing video resources.


The idea of a computational process

Today I started reading the book “Structure and Interpretation of Computer Programs”. I liked the beginning of the first chapter so much that I decided to translate it. It seems to me that for programming students these few paragraphs can be something of an enlightenment.

We are about to study the idea of a computational process. Computational processes are abstract beings that inhabit computers. As they execute, processes manipulate other abstract beings called data. The execution of a process is directed by a system of rules called a program. People create programs to direct processes. In effect, we conjure the spirits of the computer with our spells.
A computational process is indeed much like a sorcerer's idea of a spirit. It cannot be seen or touched. It is not composed of matter at all. However, it is very real. It can perform intellectual work. It can answer questions. It can affect the world by disbursing money at a bank or by controlling a robot arm in a factory. The programs we use to conjure processes are like a sorcerer's spells. They are carefully composed from symbolic expressions in arcane and esoteric programming languages that prescribe the tasks we want our processes to perform.

Computational processes in a correctly working computer execute programs precisely and accurately. Thus, like the sorcerer's apprentice, novice programmers must learn to understand and anticipate the consequences of their conjuring. Even small errors (usually called bugs or defects) in programs can have complex and unanticipated consequences.

Fortunately, learning to program is considerably less dangerous than learning sorcery, because the spirits we deal with are conveniently contained in a secure way. Real-world programming, however, requires care, expertise, and wisdom. For example, a small error in a computer-aided design system can lead to the crash of an airplane, or to the damage or self-destruction of an industrial robot.

Skilled software engineers can organize programs so that they can be reasonably sure that the processes controlled by these programs will perform the intended tasks. Skilled engineers can clearly visualize the behavior of their systems in advance. They know how to structure programs so that unanticipated problems do not lead to catastrophic consequences, and when problems do arise, they can debug their programs. Well-designed computational systems, like well-designed automobiles or nuclear reactors, are designed in a modular manner, so that their parts can be constructed, replaced, and debugged separately.