J
Joey Powell
On my asp.net application, suddenly the forms authentication cookies
for clients have quit expiring. This results in users being able to
access the site from day to day without having to log in, even their
browers are closed and reopened hours apart or even if their machines
are rebooted. This behavior did not occur in my application at first.
The problem only began after I modified the web.config file from not
having a timeout value at all (which should have used the default of
30mins?) to a custom value of timeout="10". Anyways that wouldn't work
right for some reason so I took that out and went back to no entry for
the timeout value. Now the cookies never expire! What in the world is
going on here?
for clients have quit expiring. This results in users being able to
access the site from day to day without having to log in, even their
browers are closed and reopened hours apart or even if their machines
are rebooted. This behavior did not occur in my application at first.
The problem only began after I modified the web.config file from not
having a timeout value at all (which should have used the default of
30mins?) to a custom value of timeout="10". Anyways that wouldn't work
right for some reason so I took that out and went back to no entry for
the timeout value. Now the cookies never expire! What in the world is
going on here?