Forms authorization cookie always set to expire in 2055?

Amil · Jul 22, 2005

I'm using Forms authorization. In my <forms> section I have timeout="30",
but when I examine the cookie, it shows it expiring in 2055? Why?

<authentication mode="Forms">
<forms
loginUrl="/login.aspx"
protection="All"
timeout="30"
path="/">
<credentials passwordFormat="Clear">
<user name="guest" password="xxxxxxx" />
</credentials>
</forms>
</authentication>

Brock Allen · Jul 22, 2005

Because they hard coded it to expire after 50 years. You can change that
(albeit manually).

Amil · Jul 22, 2005

So, what good is setting the "timeout" value in the <form> section? Maybe
you didn't read my post accurately.

Brock Allen · Jul 22, 2005

The timeout is used when it's not a persistent cookie. IOW, the boolean parameter
to FormsAuthentication.SetAuthCookie. The docs cover this (except where it
says "Persistent cookies do not time out.". They do time out after 50 years,
as you discovered):

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfforms.asp

Amil · Jul 22, 2005

Ahh...yes...now I see. I set the persistant parameter to false and now it
works. Thanks.

Amil

Forms Authentication Cookie Does Not Expire	1	Dec 2, 2003
Forms Authentication for single directory	1	Nov 14, 2008
Forms Authentication	4	Dec 10, 2007
Images Blocked while using Forms Authentication	1	Jan 29, 2007
authorization policy help	0	Oct 4, 2006
Trouble with forms authentication	7	Nov 3, 2004
cannot use stylesheet while using authorization mode forms and deny users=*	1	May 15, 2006
Forms authentication	2	Nov 10, 2003

Forms authorization cookie always set to expire in 2055?

Amil

Brock Allen

Amil

Brock Allen

Amil

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads