Staying logged in

So I turned my moderators loose on the system a couple weeks ago. They have been making test posts and getting to know the new system. One item that they noticed was that the system never kept them logged in even though they had checked the 'Remember Me' box. I had noticed this before as well, but didn't give it much thought. I figured I had something configured screwy in my browser or something. I did some digging and came up with a post in the DNN forums where they talked about this very issue. Apparently the default for DNN is to set the cookie for only 1 hour. I'm not sure of the logic behind a cookie so short. I guess if you have an ecommerce site or something. Anyway, to change the config to allow cookies longer than an hour, open up the web.config file and find this line:

<forms name=".DOTNETNUKE" protection="All" timeout="60" cookieless="UseCookies">
</forms>

Change the 'timeout="60"' to however long you want the login to be remembered in minutes. I have it set to 64800 or 45 days.

Another thing that my small sampling of users found was that the default password length was messing them up. I generally use a strong password by default on all my accounts, so I wouldn't have ever found this. By default, DNN requires a password that is 7 characters long. That's too long for a site like mine. I did some more digging and found this line in the web.config:

<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionstringname="SiteSqlServer" enablepasswordretrieval="true" enablepasswordreset="true" requiresquestionandanswer="false" minrequiredpasswordlength="7" minrequirednonalphanumericcharacters="0" requiresuniqueemail="true" passwordformat="Encrypted" applicationname="DotNetNuke" description="Stores and retrieves membership data from the local Microsoft SQL Server database"></add>

See that 'minRequiredPasswordLength="7"' entry? I changed that to 4. I'm only going to require my users to have a 4 digit password.

Users are happy for now.