forms authentication ticket expiration problem

Discussion in 'ASP .Net Security' started by tparks69, Feb 17, 2005.

  1. tparks69

    tparks69 Guest

    I have set up forms based authentication according to the KB article
    (http://support.microsoft.com/kb/308157/EN-US/) using the
    FormsAuthenticationTicket based method. I have the timeout parameter set to
    "2" in web.config, and also in the code that creates the ticket. When I
    refresh default.aspx after waiting 2 minutes, I should get bounced back to
    loginform.aspx, but it doesn't happen. Can anyone tell me why? Code below:

    From web.config:
    *************
    <authentication mode="Forms">
    <forms name="MyApp011" path="/" loginUrl="LoginForm.aspx"
    protection="All" timeout="2"></forms>
    </authentication>
    <authorization>
    <deny users="?" />
    </authorization>

    *************

    From loginform.aspx:
    ****************
    tkt = New FormsAuthenticationTicket(1, txtUserId.Value, DateTime.Now(), _
    DateTime.Now.AddMinutes(2), chkPersistCookie.Checked, "your
    custom data")
    cookiestr = FormsAuthentication.Encrypt(tkt)
    ck = New HttpCookie(FormsAuthentication.FormsCookieName(),
    cookiestr)
    If (chkPersistCookie.Checked) Then ck.Expires = tkt.Expiration
    ck.Path = FormsAuthentication.FormsCookiePath()
    Response.Cookies.Add(ck)
    ***************

    Any suggestions greatly appreciated.

    Tom
    tparks69, Feb 17, 2005
    #1
    1. Advertising

  2. tparks69

    PL Guest

    Try setting slidingExpiration="false" in the <forms ..>

    PL.


    "tparks69" <> skrev i meddelandet news:...
    >I have set up forms based authentication according to the KB article
    > (http://support.microsoft.com/kb/308157/EN-US/) using the
    > FormsAuthenticationTicket based method. I have the timeout parameter set to
    > "2" in web.config, and also in the code that creates the ticket. When I
    > refresh default.aspx after waiting 2 minutes, I should get bounced back to
    > loginform.aspx, but it doesn't happen. Can anyone tell me why? Code below:
    >
    > From web.config:
    > *************
    > <authentication mode="Forms">
    > <forms name="MyApp011" path="/" loginUrl="LoginForm.aspx"
    > protection="All" timeout="2"></forms>
    > </authentication>
    > <authorization>
    > <deny users="?" />
    > </authorization>
    >
    > *************
    >
    > From loginform.aspx:
    > ****************
    > tkt = New FormsAuthenticationTicket(1, txtUserId.Value, DateTime.Now(), _
    > DateTime.Now.AddMinutes(2), chkPersistCookie.Checked, "your
    > custom data")
    > cookiestr = FormsAuthentication.Encrypt(tkt)
    > ck = New HttpCookie(FormsAuthentication.FormsCookieName(),
    > cookiestr)
    > If (chkPersistCookie.Checked) Then ck.Expires = tkt.Expiration
    > ck.Path = FormsAuthentication.FormsCookiePath()
    > Response.Cookies.Add(ck)
    > ***************
    >
    > Any suggestions greatly appreciated.
    >
    > Tom
    PL, Feb 17, 2005
    #2
    1. Advertising

  3. tparks69

    tparks69 Guest

    That seems to have done it. Thanks!

    "PL" wrote:

    >
    >
    > Try setting slidingExpiration="false" in the <forms ..>
    >
    > PL.
    >
    >
    > "tparks69" <> skrev i meddelandet news:...
    > >I have set up forms based authentication according to the KB article
    > > (http://support.microsoft.com/kb/308157/EN-US/) using the
    > > FormsAuthenticationTicket based method. I have the timeout parameter set to
    > > "2" in web.config, and also in the code that creates the ticket. When I
    > > refresh default.aspx after waiting 2 minutes, I should get bounced back to
    > > loginform.aspx, but it doesn't happen. Can anyone tell me why? Code below:
    > >
    > > From web.config:
    > > *************
    > > <authentication mode="Forms">
    > > <forms name="MyApp011" path="/" loginUrl="LoginForm.aspx"
    > > protection="All" timeout="2"></forms>
    > > </authentication>
    > > <authorization>
    > > <deny users="?" />
    > > </authorization>
    > >
    > > *************
    > >
    > > From loginform.aspx:
    > > ****************
    > > tkt = New FormsAuthenticationTicket(1, txtUserId.Value, DateTime.Now(), _
    > > DateTime.Now.AddMinutes(2), chkPersistCookie.Checked, "your
    > > custom data")
    > > cookiestr = FormsAuthentication.Encrypt(tkt)
    > > ck = New HttpCookie(FormsAuthentication.FormsCookieName(),
    > > cookiestr)
    > > If (chkPersistCookie.Checked) Then ck.Expires = tkt.Expiration
    > > ck.Path = FormsAuthentication.FormsCookiePath()
    > > Response.Cookies.Add(ck)
    > > ***************
    > >
    > > Any suggestions greatly appreciated.
    > >
    > > Tom

    >
    >
    >
    tparks69, Feb 17, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?QmlsbCBCb3Jn?=

    Trying to understand ticket/cookie expiration

    =?Utf-8?B?QmlsbCBCb3Jn?=, Oct 8, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    355
    =?Utf-8?B?QmlsbCBCb3Jn?=
    Oct 8, 2004
  2. Keith

    forms auth ticket expiration

    Keith, Apr 6, 2009, in forum: ASP .Net
    Replies:
    2
    Views:
    394
    Keith
    Apr 6, 2009
  3. Lauchlan M
    Replies:
    0
    Views:
    224
    Lauchlan M
    Oct 1, 2003
  4. jfer
    Replies:
    3
    Views:
    552
    Dominick Baier [DevelopMentor]
    Sep 16, 2005
  5. Replies:
    1
    Views:
    176
    Brock Allen
    Nov 22, 2005
Loading...

Share This Page