I'm having a problem with the Forms Auth cookie ".DOTNETNUKE" being persisted across browser sessions. I'm running dnn 07.02.02 (303). I have unchecked the checkbox "Enable Remember me on login controls?" as suggested in the article here http://www.dnnsoftware.com/wiki/page/...
I'm not using the DNN login form but instead using a custom HttpModule that calls the DotNetNuke.Entities.User.UserController.UserLogin method with the last parameter "createPersistentCookie" set to false.
The user is successfully authenticated, logged in and the forms auth cookie ".DOTNETNUKE" is created but instead of the cookie indicating that it's expiration is "end of session" it has a date/time equal to the timeout set in the timeout attribute of the <authentication><forms> element in the web.config.
Am I missing something or is there a problem in dnn with disabling persistent cookies?
The definition for the method I'm calling on the dnn api:
// Validates a User's credentials against the Data Store, and sets the Forms
// Authentication Ticket
// The Id of the Portal the user belongs to
// The user name of the User attempting to log in
// The password of the User attempting to log in
// The verification code of the User attempting to log in
// The name of the Portal
// The IP Address of the user attempting to log in
// A UserLoginStatus enumeration that indicates the status of the Login attempt.
// This value is returned by reference.
// A flag that indicates whether the login credentials should be persisted.
// The UserInfo object representing a successful login
public static UserInfo UserLogin(int portalId, string username, string password, string verificationCode, string portalName, string ip, ref UserLoginStatus loginStatus, bool createPersistentCookie);