RE: Forms timeout doesn't appear to be working.

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: bruce barker <brucebarker@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 10 Jun 2008 12:28:04 -0700

session tickets and authentication tickets are unrelated to each other. if
you are using inproc sessions you need to worry about recycle events. a
recycle will cause a loss of session. a recycle can be caused by too much
memeory use, idle timeout (20 minutes default), file changes, etc).

if you are the only user, then the idle recycle is probably causing the
recycle.

-- bruce (sqlwork.com)

"Mufasa" wrote:

Folks,
This is sort of a continuation of my question with session timeouts but
slightly different.

I am using Forms authentication with the following code:

FormsAuthenticationTicket lTicket = new
FormsAuthenticationTicket(lsUserID, true, 6000);
// Hash the cookie for transport
string lHash = FormsAuthentication.Encrypt(lTicket);
System.Web.HttpCookie lCookie = new
System.Web.HttpCookie(FormsAuthentication.FormsCookieName, lHash); // Hashed
ticket
// Add the cookie to the list for outgoing response
Response.Cookies.Add(lCookie);

Response.Redirect("~/RM/LoginCustomer.aspx");

I realize the length on the ticket is really REALLY long but at the moment I
want it that way. The problem is, it appears as if the ticket is timing out
after 30 minutes. My session timeout is set using the following code in
web.config:

<sessionState cookieless="false" timeout="480"/>

I realize the timeouts are different but I'm just trying to get it to work.

Is there anything else I need to do to make this work? It seems like it
shouldn't time out but is.

I already have code that says if my login ID, which is stored in the session
is gone, redirect to the login page. But I don't want it to disappear in the
first place. This happens after 30 minutes.

I can't tell for sure whether it's because the session has timed out or the
form ticket has. I have a feeling it's the session timeout because if I take
out the check for the user ID, I get Object Not Defined when I try and
access Session variables.

TIA - Jeff.

References:
- Forms timeout doesn't appear to be working.
  - From: Mufasa

Prev by Date: Re: on postback how keep screen "positiion"
Next by Date: Why Software Sucks
Previous by thread: Forms timeout doesn't appear to be working.
Next by thread: on postback how keep screen "positiion"
Index(es):
- Date
- Thread

Relevant Pages

Re: IIS6 Loss of session
... IIS to recycle your worker process. ... will be lost on the recycle if your session timeout is longer than recycle ... If you configure idle timeout to be greater than session timeout, ... you can take advantage of session state and worker process recycling by ...
(microsoft.public.inetserver.iis)
Re: Session data loss during user logged session
... I am developing web application, which is a part of IT project. ... app Administrators can add end-users of this project. ... I was logged in as another user (I have lost my ticket and session and get ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Forms Authentication Expiration
... but I was wondering if there was a Right Way to do it by having the ticket ... > than that of the session. ... > expiration DateTime or timeout "life time" in minutes. ... >>expires, I do not want them to have to reauthenticate. ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: How to do forms authentication with cookieless=UseUri?
... forms authentication create a login ticket and stores it in a cookie or the ... session also creates a session ticket and stores it in a cookie or the ...
(microsoft.public.dotnet.framework.aspnet)
Re: amd64 ssh hangs
... occasionally hangs and eventually times out. ... session has been established. ... the problem persist and then open up a ticket to RH. ... I'd try out the latest client in addition in any case. ...
(comp.security.ssh)