Re: FormsAuthentication cookies timeout

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: tshad (tscheiderich_at_ftsolutions.com)
Date: 01/14/05 

Date: Thu, 13 Jan 2005 16:27:11 -0800

"Patrick.O.Ige" <PatrickOIge@discussions.microsoft.com> wrote in message
news:6B4AADB8-4476-43A5-8ABF-8F5E06B4C7E1@microsoft.com...
> hi tshad..
> in ur web.config the default timeout is 20mins.
> <sessionState
> mode="InProc"
> stateConnectionString="tcpip=127.0.0.1:42424"
> sqlConnectionString="data
> source=127.0.0.1;Trusted_Connection=yes"
> cookieless="false"
> timeout="20"
> />

That is what I am trying to do.

I want to use forms Authentication to control access to my pages and I am
finding that my cookies have an expiration date of 50 years from now (no
matter what I set the timeout field to - maybe this field will not help me).

I would actually like the cookie (or session cookie) for each person to
disapear when they leave the browser. But I also want to make sure that if
the browser is left on for more that some time (say 20 minutes), they have
to log on again.

I was looking on the MS site about cookies and they say that the expiration
date is pointless - it is either there or it isn't. The expiration field is
for information only.

So what good is the timeout?

Tom
> Why don't u change it to ur taste..
> Hope it helps
> Patrick
>
>
>
>
> "tshad" wrote:
>
>> I am trying to get my authentication to work and want the timeout to be
>> 30
>> minutes, but only while the browser is active. If the browser closes, I
>> want the cookie to disappear.
>>
>> Is this possible?
>>
>> The 2 web configs are set as:
>>
>> *******************************
>> <system.web>
>> <authentication mode="Forms">
>> <forms name="staffing"
>> loginUrl="/development/staffing/logon.aspx"
>> protection="All"
>> path="/" />
>> </authentication>
>> </system.web>
>> *********************************
>>
>> ***********************************
>> <configuration>
>> <system.web>
>> <authorization>
>> <deny users="?" />
>> </authorization>
>> </system.web>
>> </configuration>
>> **************************************
>>
>> My problem is during testing the cookie gets turned on and I have to wait
>> until the timeout stops.
>>
>> Is there a way I can manully delete the cookie?
>>
>> Where would it be located when the 'path="/"'?
>>
>> Thanks,
>>
>> Tom.
>>
>>
>>

Relevant Pages

  • Re: Authentication question
    ... I also found the settings and chose to set a sliding timeout for the ... complained about having to login when I knew their session had not expired. ... > The session timeout and forms authentication cookie timeout are ... > authentication cookie but all of the inproc session state is gone. ...
    (microsoft.public.dotnet.framework.aspnet)
  • FormsAuthentication cookies timeout
    ... I am trying to get my authentication to work and want the timeout to be 30 ... If the browser closes, I ... The 2 web configs are set as: ... My problem is during testing the cookie gets turned on and I have to wait ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: FormsAuthentication cookies timeout
    ... in ur web.config the default timeout is 20mins. ... Why don't u change it to ur taste.. ... If the browser closes, I ... > want the cookie to disappear. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Persistent Cookies
    ... Yes I know that they arent used for session management. ... happen was the framework itself had set the timeout for a persistent cookie ... set the timeout for persistent cookies in our configuration. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: forms authentication question
    ... sliding timeout or absolute timeout, but my problem is that the ... sliding expiration does not get updated all the time. ... So, if I set the sliding expiration to 20 minutes, the cookie will be updated after 10 minutes, and if the user did something in the first 10 minutes, but then didn't do anything for the next 15 minutes, forms authentication cookie will be timed-out. ... Storing custom session key in the cookie gives me an ability to renew the cookie as long as the session key has not expired. ...
    (microsoft.public.dotnet.framework.aspnet.security)