Hello All,

If it's possible it would be a great help if a number of people having this problem could do a quick test to help us determine what cause(s) it (I've seen similar problems that have been traced to firewall software, 3rd party modules, ISP setups etc, and I think that it's confusing the picture and making our investigation more difficult).

The problem of logging out is caused when Dotnetnuke think's you've moved between portal's, so it deletes your authorisation cookie and then recreates a new one. This is an accurate behaviour due to the portal virtualisation (though it may be addressed in another way in the future when portal groups functionality is added). It's possible to see the request that causes this, and this information would be invaluable to us.

To see this request, install a HTTP proxy such as fiddler . Start the fiddler application (either via it's program entry or in Internet explorer via tools->fiddler). Look at File->capture traffic and ensure that it's checked. Now browse to your problematic site, log in and then do whatever in your case it is that logs you out. Now stop the capture (pressing F12 will do this in fiddler). To determine which exact request causes the issue, take a look for a request in the "HTTP Sessions" pane that has the login contained in it (e.g. http://localhost/Home/tabid/36/ctl/Login/Default.aspx ). If you click on it, the right hand side will then give the details for that request. Select the 'session inspector' tab, and expand out 'state'. This will display the cookies that have been sent. A succesful login will show 5-8 cookies (depending on DNN version), the key ones to look for are portalaliasid and portalroles. If this request doesn't show it, move down a few more until you locate the correct request.

If you then select the last line for your site in the "HTTP Sessions" pane, you'll see that the the cookies have been reduced to a much smaller amount (typically 2), and that the 2 key portal cookies are gone. If you can then go back up the list you'll be able to see the first request where this is the case, and the one above it is the request that caused the issues. If people can post the following information it would be great (letters in italics are my examples)

Version of DNN problem in: 3.2.0

Issue in portal type (parent/child/both) & url - parent, http://localhost/dotnetnuke

Version of framework running: 2.0

Final succesful HTTP request (i.e. last with the 2 portal cookies) http://localhost/Home/tabid/36/ctl/Profile/UserID/1/Default.aspx

First HTTP request missing the cookies

http://localhost/Home/tabid/36/Default.aspx

DNN function being used

editing superusers profile

Many thanks,

Cathal

---

Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US

I've installed Fiddler, but after log into different portals and change IE's Privacy settings, can't see the portalaliasid or portalroles anywhere, at least at Fiddler's Session Inspector window.  Opening the cookies with Notepad, and I can see the portalaliasid and portalroles, each followed by (I believe) the encrypted value.

DNN version: 4.0.2
Issue in portal type: parent, http://www.bmation.com
Framework: 2.0
IE version: 6 sp2
Hosting: Brinkster
Final & First HTTP request:  not sure, since I never saw the right cookies
DNN function:  none, just browsing pages

I've also added some console.write lines in the code of DotNetNuke.HttpModules.DNNMembership.dll, just to see what you say about the cause of logouts, but when it happens I do not see any message on the browser screen.

Hope it helps.

Rgds,
Llamil
Hope it helps

Thanks to everyone who posted their trace details here (and those who emailed me directly). Unfortunately I still don't have enough detail to diagnose a common cause (or common causes), so I'd like to request a further favour. Can people repeat the earlier exercise of capturing session details via fiddler, except this time, when they get logged out, press F12 to stop capturing traffic. Then click in the http sessions pane, and go to Edit->Select All (to select all the session details). Next go to file->Save->Everything to zip. If you can then send me copies of these zip files to cathal.connolly(at)dotnetnuke.com , I have a better chance of diagnosing the problem.

Please note, that whilst Dotnetnuke encrypt's your cookies, which means they will not reveal any pertinent details to me, in theory I could mock up new cookie files and use them to access your portals, I hope the fact that I'm a coreteam member will mean some of you will be good enough to trust me, as I would never do anything like that. For the really paranoid amongst you, create a brand new user in your portal, capture all the details, and then delete the user, as the cookie details will no longer have that user to authenticate against.

Thanks,

Cathal

---

Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US