Re: What relationship between cookie and ticket expiration?

From: Chris R. Timmons (crtimmons_at_X_NOSPAM_Xcrtimmonsinc.com)
Date: 12/22/04

Next message: Steve C. Orr [MVP, MCSD]: "Re: Check if Outlook is installed"
Previous message: Mehdi: "Session_Start infinite loop problem"
In reply to: Bill Borg: "What relationship between cookie and ticket expiration?"
Next in thread: Bill Borg: "Re: What relationship between cookie and ticket expiration?"
Reply: Bill Borg: "Re: What relationship between cookie and ticket expiration?"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 22 Dec 2004 14:50:03 -0800

=?Utf-8?B?QmlsbCBCb3Jn?= <BillBorg@discussions.microsoft.com>
wrote in news:BA993C61-C962-4D29-B71A-A13660C3F180@microsoft.com:

> Hello all,
>
> I am working on forms authentication and trying to understand:
> what's the relationship between the cookie expiration and the
> ticket expiration? I create a cookie and I add an encrypted
> ticket to it. Both of these have an expiration date, but I'm not
> seeing how to use them. Does it make sense that these dates
> would ever differ?

Bill,

There's really no relationship, and in practice both dates are
usually the same.

The cookie's expiration date is used by the browser to determine if
the cookie should be erased. The ticket's expiration date is used by
ASP.Net's forms authentication system (or your code, if you handle
forms authentication manually).

The only operational problem that can arise is if the cookie's
expiration date is earlier than the ticket's expiration date. That
may cause confusion on the part of the user if they think they're
login lasts for a certain period of time, but the cookie holding
their authentication ticket gets erased by the browser before the
ticket expires.

-- 
Hope this helps.
Chris.
-------------
C.R. Timmons Consulting, Inc.
http://www.crtimmonsinc.com/

Next message: Steve C. Orr [MVP, MCSD]: "Re: Check if Outlook is installed"
Previous message: Mehdi: "Session_Start infinite loop problem"
In reply to: Bill Borg: "What relationship between cookie and ticket expiration?"
Next in thread: Bill Borg: "Re: What relationship between cookie and ticket expiration?"
Reply: Bill Borg: "Re: What relationship between cookie and ticket expiration?"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

RE: Forms authentication cookie handling question (C#)
... I also replaced all of my ticket authentication code with the ... // Username and or password not found in our database... ... LoginControl's default code logic to generate authentication cookie. ...
(microsoft.public.dotnet.framework.aspnet)
RE: Membership Provider Woes
... You set the FormsAuth ticket on the Login_LoggingIn. ... cookie regardless of whether the user's authentication failed or not. ... Doens't the membership provider set a forms auth cookie for me ...
(microsoft.public.dotnet.framework.aspnet)
RE: Forms authentication cookie handling question (C#)
... programmatically generate forms authentication ticket and set it in ASP.NET ... You use the Login control's "Authentication" event to do the user ... LoginControl's default code logic to generate authentication cookie. ...
(microsoft.public.dotnet.framework.aspnet)
RE: Forms authentication cookie handling question (C#)
... I'm creating some Forms authentication for a section of my website. ... I think I've even got cookie storage working, ... authentication ticket, ... FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( ...
(microsoft.public.dotnet.framework.aspnet)
Perplexing and critical error - please help!
... The site uses Forms authentication w/ anonymous ... pass information about the current conference. ... FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( ... // "true" for a durable user cookie ...
(microsoft.public.dotnet.framework.aspnet.webcontrols)