Form indetification session expires to early

S

Shimon Sim

Hi
Working on a project that requires Form authentication. My client reports
that he is thrown out to log in page every 5-10 min. I can't understand why.
I don't get the same behavior on my machine.

The web.config file looks like this
<authentication mode="Forms" >

<forms name=".OURCOMPANYEmployee"
loginUrl="login.aspx"
protection= "All"
timeout="30"
path="/"
slidingExpiration="true" />
</authentication>

<authorization>
<deny users="?"/>
</authorization>

Any ideas?

Thanks,
Shimom
 
S

Steven Cheng[MSFT]

Hi Shimon,

As for the problem that some of your customer found your formauth based web
application will make them logout within 5-10 miniutes which is much less
than the value you set in the web.config. I think this is a possible issue
with formauthentication, because the ASP.NET's formsauthentication is
cookie based by default. This means the user's authentication token is
stored in the client user's cookie. And as we know, the clientside's
browser has its cookie privacy which determine the clientside browser how
to treat the cookie from remote site. Since different client may has
different browser and also may have different cookie privacy setting( maybe
restrict than normal level or maybe has applied some certain additional
features), these all will result to
different behavior when visit a cookie based site. As for the cookie
privacy in IE6 and providing a cookie privacy policy in IIS here are some
certain references:

#The Default Privacy Settings for Internet Explorer 6
http://support.microsoft.com/default.aspx?scid=kb;en-us;293222

#HOW TO: Configure IIS To Use Platform for Privacy Preferences (P3P)
http://support.microsoft.com/default.aspx?scid=kb;en-us;324013

Also, here is a former thread which discussing on the related infos:
#Subject: General Enquiry on Privacy Policy
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=y97K$K
f5DHA.3736%40cpmsftngxa07.phx.gbl&rnum=1&prev=/groups%3Fq%3Dprivacy%2Bsteven
%2Bcheng%26ie%3DUTF-8%26oe%3DUTF-8%26hl%3Den

Hope also helps. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
 
S

Steven Cheng[MSFT]

Hi Shimon,

Have you had a chance to check out the suggestions in my last reply or have
you got any further ideas on this issue? If you have anything unclear or if
there're anything else we can help, please feel free to post here. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top