Non persistent cookie timeout?



I'm using Forms authentication and a non-persistent cookie in my
ASP.NET application.
How do I get the cookie to time out after a period of inactivity, say
10 minutes, and force the user to log in again?
If I close the browser, the next time I use the application, it makes
me log in - and that's fine.
However, if I keep the browser session open, it keeps my login valid for
as long as the browser is open - I want it to time out.
Specifying the timeout value in the web.config seems to have no effect.
Any pointers? Code appended. Thanks!

<authentication mode="Forms">
  <forms loginUrl="logon.aspx" name="portal" timeout="10"
         slidingExpiration="true" protection="All" path="/">
  </forms>
</authentication>


// Create the authentication ticket (version 1, non-persistent, 10-minute expiry)
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
    1, txtUserName.Text, DateTime.Now,
    DateTime.Now.AddMinutes(10), false, "");

// Now encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

// Create a cookie and add the encrypted ticket
HttpCookie authCookie = new HttpCookie(
    FormsAuthentication.FormsCookieName, encryptedTicket);

// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
Session.Add("Login", txtUserName.Text);
Session.Add("Group", Group);

Page.SmartNavigation = false;
// Redirect the user to the originally requested page
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserName.Text, false));
