FormsAuthentication cookies timeout

Discussion in 'ASP .Net' started by tshad, Jan 13, 2005.

  1. tshad

    tshad Guest

    I am trying to get my authentication to work and want the timeout to be 30
    minutes, but only while the browser is active. If the browser closes, I
    want the cookie to disappear.

    Is this possible?

    The 2 web configs are set as:

    *******************************
    <system.web>
    <authentication mode="Forms">
    <forms name="staffing"
    loginUrl="/development/staffing/logon.aspx"
    protection="All"
    path="/" />
    </authentication>
    </system.web>
    *********************************

    ***********************************
    <configuration>
    <system.web>
    <authorization>
    <deny users="?" />
    </authorization>
    </system.web>
    </configuration>
    **************************************

    My problem is during testing the cookie gets turned on and I have to wait
    until the timeout stops.

    Is there a way I can manully delete the cookie?

    Where would it be located when the 'path="/"'?

    Thanks,

    Tom.
    tshad, Jan 13, 2005
    #1
    1. Advertising

  2. tshad

    tshad Guest

    I did find that I can find the cookie in Mozilla in preferences.

    The problem is the expiration time appears to be: Wednesday, January 13,
    2055 4:06:51 PM

    2055?????

    Default is 30 minutes.

    Am I missing something?

    Thanks,

    Tom.
    "tshad" <> wrote in message
    news:uTgkctc%...
    >I am trying to get my authentication to work and want the timeout to be 30
    >minutes, but only while the browser is active. If the browser closes, I
    >want the cookie to disappear.
    >
    > Is this possible?
    >
    > The 2 web configs are set as:
    >
    > *******************************
    > <system.web>
    > <authentication mode="Forms">
    > <forms name="staffing"
    > loginUrl="/development/staffing/logon.aspx"
    > protection="All"
    > path="/" />
    > </authentication>
    > </system.web>
    > *********************************
    >
    > ***********************************
    > <configuration>
    > <system.web>
    > <authorization>
    > <deny users="?" />
    > </authorization>
    > </system.web>
    > </configuration>
    > **************************************
    >
    > My problem is during testing the cookie gets turned on and I have to wait
    > until the timeout stops.
    >
    > Is there a way I can manully delete the cookie?
    >
    > Where would it be located when the 'path="/"'?
    >
    > Thanks,
    >
    > Tom.
    >
    tshad, Jan 14, 2005
    #2
    1. Advertising

  3. hi tshad..
    in ur web.config the default timeout is 20mins.
    <sessionState
    mode="InProc"
    stateConnectionString="tcpip=127.0.0.1:42424"
    sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
    cookieless="false"
    timeout="20"
    />
    Why don't u change it to ur taste..
    Hope it helps
    Patrick




    "tshad" wrote:

    > I am trying to get my authentication to work and want the timeout to be 30
    > minutes, but only while the browser is active. If the browser closes, I
    > want the cookie to disappear.
    >
    > Is this possible?
    >
    > The 2 web configs are set as:
    >
    > *******************************
    > <system.web>
    > <authentication mode="Forms">
    > <forms name="staffing"
    > loginUrl="/development/staffing/logon.aspx"
    > protection="All"
    > path="/" />
    > </authentication>
    > </system.web>
    > *********************************
    >
    > ***********************************
    > <configuration>
    > <system.web>
    > <authorization>
    > <deny users="?" />
    > </authorization>
    > </system.web>
    > </configuration>
    > **************************************
    >
    > My problem is during testing the cookie gets turned on and I have to wait
    > until the timeout stops.
    >
    > Is there a way I can manully delete the cookie?
    >
    > Where would it be located when the 'path="/"'?
    >
    > Thanks,
    >
    > Tom.
    >
    >
    >
    =?Utf-8?B?UGF0cmljay5PLklnZQ==?=, Jan 14, 2005
    #3
  4. tshad

    tshad Guest

    "Patrick.O.Ige" <> wrote in message
    news:...
    > hi tshad..
    > in ur web.config the default timeout is 20mins.
    > <sessionState
    > mode="InProc"
    > stateConnectionString="tcpip=127.0.0.1:42424"
    > sqlConnectionString="data
    > source=127.0.0.1;Trusted_Connection=yes"
    > cookieless="false"
    > timeout="20"
    > />


    That is what I am trying to do.

    I want to use forms Authentication to control access to my pages and I am
    finding that my cookies have an expiration date of 50 years from now (no
    matter what I set the timeout field to - maybe this field will not help me).

    I would actually like the cookie (or session cookie) for each person to
    disapear when they leave the browser. But I also want to make sure that if
    the browser is left on for more that some time (say 20 minutes), they have
    to log on again.

    I was looking on the MS site about cookies and they say that the expiration
    date is pointless - it is either there or it isn't. The expiration field is
    for information only.

    So what good is the timeout?

    Tom
    > Why don't u change it to ur taste..
    > Hope it helps
    > Patrick
    >
    >
    >
    >
    > "tshad" wrote:
    >
    >> I am trying to get my authentication to work and want the timeout to be
    >> 30
    >> minutes, but only while the browser is active. If the browser closes, I
    >> want the cookie to disappear.
    >>
    >> Is this possible?
    >>
    >> The 2 web configs are set as:
    >>
    >> *******************************
    >> <system.web>
    >> <authentication mode="Forms">
    >> <forms name="staffing"
    >> loginUrl="/development/staffing/logon.aspx"
    >> protection="All"
    >> path="/" />
    >> </authentication>
    >> </system.web>
    >> *********************************
    >>
    >> ***********************************
    >> <configuration>
    >> <system.web>
    >> <authorization>
    >> <deny users="?" />
    >> </authorization>
    >> </system.web>
    >> </configuration>
    >> **************************************
    >>
    >> My problem is during testing the cookie gets turned on and I have to wait
    >> until the timeout stops.
    >>
    >> Is there a way I can manully delete the cookie?
    >>
    >> Where would it be located when the 'path="/"'?
    >>
    >> Thanks,
    >>
    >> Tom.
    >>
    >>
    >>
    tshad, Jan 14, 2005
    #4
  5. in ur web.config ..in the forms TAG
    whats the name of the Cookie?
    In ur code how are u adding the cookie..
    Or u didn't specify it at all(but at the same time Forms Auth needs it!!)






    "tshad" wrote:

    > I did find that I can find the cookie in Mozilla in preferences.
    >
    > The problem is the expiration time appears to be: Wednesday, January 13,
    > 2055 4:06:51 PM
    >
    > 2055?????
    >
    > Default is 30 minutes.
    >
    > Am I missing something?
    >
    > Thanks,
    >
    > Tom.
    > "tshad" <> wrote in message
    > news:uTgkctc%...
    > >I am trying to get my authentication to work and want the timeout to be 30
    > >minutes, but only while the browser is active. If the browser closes, I
    > >want the cookie to disappear.
    > >
    > > Is this possible?
    > >
    > > The 2 web configs are set as:
    > >
    > > *******************************
    > > <system.web>
    > > <authentication mode="Forms">
    > > <forms name="staffing"
    > > loginUrl="/development/staffing/logon.aspx"
    > > protection="All"
    > > path="/" />
    > > </authentication>
    > > </system.web>
    > > *********************************
    > >
    > > ***********************************
    > > <configuration>
    > > <system.web>
    > > <authorization>
    > > <deny users="?" />
    > > </authorization>
    > > </system.web>
    > > </configuration>
    > > **************************************
    > >
    > > My problem is during testing the cookie gets turned on and I have to wait
    > > until the timeout stops.
    > >
    > > Is there a way I can manully delete the cookie?
    > >
    > > Where would it be located when the 'path="/"'?
    > >
    > > Thanks,
    > >
    > > Tom.
    > >

    >
    >
    >
    =?Utf-8?B?UGF0cmljay5PLklnZQ==?=, Jan 14, 2005
    #5
  6. tshad

    tshad Guest

    "Patrick.O.Ige" <> wrote in message
    news:...
    > in ur web.config ..in the forms TAG
    > whats the name of the Cookie?
    > In ur code how are u adding the cookie..
    > Or u didn't specify it at all(but at the same time Forms Auth needs it!!)


    Found it.

    The problem was that I was passing true as the 2nd argument in
    RedirectFromLoginPage. This says to save the cookie on disk and will
    persist for 50 years.

    By setting it to false, it doesn't write the cookie.

    The timeout parameter is how long it will last while the browser is open.
    This apparently gets reset if you go to another page before the timeout
    period.

    Thanks,

    Tom
    >
    >
    >
    >
    >
    >
    > "tshad" wrote:
    >
    >> I did find that I can find the cookie in Mozilla in preferences.
    >>
    >> The problem is the expiration time appears to be: Wednesday, January 13,
    >> 2055 4:06:51 PM
    >>
    >> 2055?????
    >>
    >> Default is 30 minutes.
    >>
    >> Am I missing something?
    >>
    >> Thanks,
    >>
    >> Tom.
    >> "tshad" <> wrote in message
    >> news:uTgkctc%...
    >> >I am trying to get my authentication to work and want the timeout to be
    >> >30
    >> >minutes, but only while the browser is active. If the browser closes, I
    >> >want the cookie to disappear.
    >> >
    >> > Is this possible?
    >> >
    >> > The 2 web configs are set as:
    >> >
    >> > *******************************
    >> > <system.web>
    >> > <authentication mode="Forms">
    >> > <forms name="staffing"
    >> > loginUrl="/development/staffing/logon.aspx"
    >> > protection="All"
    >> > path="/" />
    >> > </authentication>
    >> > </system.web>
    >> > *********************************
    >> >
    >> > ***********************************
    >> > <configuration>
    >> > <system.web>
    >> > <authorization>
    >> > <deny users="?" />
    >> > </authorization>
    >> > </system.web>
    >> > </configuration>
    >> > **************************************
    >> >
    >> > My problem is during testing the cookie gets turned on and I have to
    >> > wait
    >> > until the timeout stops.
    >> >
    >> > Is there a way I can manully delete the cookie?
    >> >
    >> > Where would it be located when the 'path="/"'?
    >> >
    >> > Thanks,
    >> >
    >> > Tom.
    >> >

    >>
    >>
    >>
    tshad, Jan 14, 2005
    #6
  7. Well Tom..
    Nice u got the stuff urself
    No worries..
    Patrick
    **But remember the tiemout in Web.Config overrides the one in IIS**
    (Tested it myself)

    "tshad" wrote:

    > "Patrick.O.Ige" <> wrote in message
    > news:...
    > > in ur web.config ..in the forms TAG
    > > whats the name of the Cookie?
    > > In ur code how are u adding the cookie..
    > > Or u didn't specify it at all(but at the same time Forms Auth needs it!!)

    >
    > Found it.
    >
    > The problem was that I was passing true as the 2nd argument in
    > RedirectFromLoginPage. This says to save the cookie on disk and will
    > persist for 50 years.
    >
    > By setting it to false, it doesn't write the cookie.
    >
    > The timeout parameter is how long it will last while the browser is open.
    > This apparently gets reset if you go to another page before the timeout
    > period.
    >
    > Thanks,
    >
    > Tom
    > >
    > >
    > >
    > >
    > >
    > >
    > > "tshad" wrote:
    > >
    > >> I did find that I can find the cookie in Mozilla in preferences.
    > >>
    > >> The problem is the expiration time appears to be: Wednesday, January 13,
    > >> 2055 4:06:51 PM
    > >>
    > >> 2055?????
    > >>
    > >> Default is 30 minutes.
    > >>
    > >> Am I missing something?
    > >>
    > >> Thanks,
    > >>
    > >> Tom.
    > >> "tshad" <> wrote in message
    > >> news:uTgkctc%...
    > >> >I am trying to get my authentication to work and want the timeout to be
    > >> >30
    > >> >minutes, but only while the browser is active. If the browser closes, I
    > >> >want the cookie to disappear.
    > >> >
    > >> > Is this possible?
    > >> >
    > >> > The 2 web configs are set as:
    > >> >
    > >> > *******************************
    > >> > <system.web>
    > >> > <authentication mode="Forms">
    > >> > <forms name="staffing"
    > >> > loginUrl="/development/staffing/logon.aspx"
    > >> > protection="All"
    > >> > path="/" />
    > >> > </authentication>
    > >> > </system.web>
    > >> > *********************************
    > >> >
    > >> > ***********************************
    > >> > <configuration>
    > >> > <system.web>
    > >> > <authorization>
    > >> > <deny users="?" />
    > >> > </authorization>
    > >> > </system.web>
    > >> > </configuration>
    > >> > **************************************
    > >> >
    > >> > My problem is during testing the cookie gets turned on and I have to
    > >> > wait
    > >> > until the timeout stops.
    > >> >
    > >> > Is there a way I can manully delete the cookie?
    > >> >
    > >> > Where would it be located when the 'path="/"'?
    > >> >
    > >> > Thanks,
    > >> >
    > >> > Tom.
    > >> >
    > >>
    > >>
    > >>

    >
    >
    >
    =?Utf-8?B?UGF0cmljay5PLklnZQ==?=, Jan 14, 2005
    #7
  8. tshad

    tshad Guest

    "Patrick.O.Ige" <> wrote in message
    news:...
    > Well Tom..
    > Nice u got the stuff urself
    > No worries..
    > Patrick
    > **But remember the tiemout in Web.Config overrides the one in IIS**
    > (Tested it myself)


    Yes, it is great to find it myself as I will probably remember it better.
    But sometimes you just can't find it.

    Is the IIS one, the 20 minutes you mentioned?

    Thanks,

    Tom
    >
    > "tshad" wrote:
    >
    >> "Patrick.O.Ige" <> wrote in message
    >> news:...
    >> > in ur web.config ..in the forms TAG
    >> > whats the name of the Cookie?
    >> > In ur code how are u adding the cookie..
    >> > Or u didn't specify it at all(but at the same time Forms Auth needs
    >> > it!!)

    >>
    >> Found it.
    >>
    >> The problem was that I was passing true as the 2nd argument in
    >> RedirectFromLoginPage. This says to save the cookie on disk and will
    >> persist for 50 years.
    >>
    >> By setting it to false, it doesn't write the cookie.
    >>
    >> The timeout parameter is how long it will last while the browser is open.
    >> This apparently gets reset if you go to another page before the timeout
    >> period.
    >>
    >> Thanks,
    >>
    >> Tom
    >> >
    >> >
    >> >
    >> >
    >> >
    >> >
    >> > "tshad" wrote:
    >> >
    >> >> I did find that I can find the cookie in Mozilla in preferences.
    >> >>
    >> >> The problem is the expiration time appears to be: Wednesday, January
    >> >> 13,
    >> >> 2055 4:06:51 PM
    >> >>
    >> >> 2055?????
    >> >>
    >> >> Default is 30 minutes.
    >> >>
    >> >> Am I missing something?
    >> >>
    >> >> Thanks,
    >> >>
    >> >> Tom.
    >> >> "tshad" <> wrote in message
    >> >> news:uTgkctc%...
    >> >> >I am trying to get my authentication to work and want the timeout to
    >> >> >be
    >> >> >30
    >> >> >minutes, but only while the browser is active. If the browser
    >> >> >closes, I
    >> >> >want the cookie to disappear.
    >> >> >
    >> >> > Is this possible?
    >> >> >
    >> >> > The 2 web configs are set as:
    >> >> >
    >> >> > *******************************
    >> >> > <system.web>
    >> >> > <authentication mode="Forms">
    >> >> > <forms name="staffing"
    >> >> > loginUrl="/development/staffing/logon.aspx"
    >> >> > protection="All"
    >> >> > path="/" />
    >> >> > </authentication>
    >> >> > </system.web>
    >> >> > *********************************
    >> >> >
    >> >> > ***********************************
    >> >> > <configuration>
    >> >> > <system.web>
    >> >> > <authorization>
    >> >> > <deny users="?" />
    >> >> > </authorization>
    >> >> > </system.web>
    >> >> > </configuration>
    >> >> > **************************************
    >> >> >
    >> >> > My problem is during testing the cookie gets turned on and I have to
    >> >> > wait
    >> >> > until the timeout stops.
    >> >> >
    >> >> > Is there a way I can manully delete the cookie?
    >> >> >
    >> >> > Where would it be located when the 'path="/"'?
    >> >> >
    >> >> > Thanks,
    >> >> >
    >> >> > Tom.
    >> >> >
    >> >>
    >> >>
    >> >>

    >>
    >>
    >>
    tshad, Jan 14, 2005
    #8
  9. Yeah the Timeouts in Web.config overrides.
    Patrick

    "tshad" wrote:

    > "Patrick.O.Ige" <> wrote in message
    > news:...
    > > Well Tom..
    > > Nice u got the stuff urself
    > > No worries..
    > > Patrick
    > > **But remember the tiemout in Web.Config overrides the one in IIS**
    > > (Tested it myself)

    >
    > Yes, it is great to find it myself as I will probably remember it better.
    > But sometimes you just can't find it.
    >
    > Is the IIS one, the 20 minutes you mentioned?
    >
    > Thanks,
    >
    > Tom
    > >
    > > "tshad" wrote:
    > >
    > >> "Patrick.O.Ige" <> wrote in message
    > >> news:...
    > >> > in ur web.config ..in the forms TAG
    > >> > whats the name of the Cookie?
    > >> > In ur code how are u adding the cookie..
    > >> > Or u didn't specify it at all(but at the same time Forms Auth needs
    > >> > it!!)
    > >>
    > >> Found it.
    > >>
    > >> The problem was that I was passing true as the 2nd argument in
    > >> RedirectFromLoginPage. This says to save the cookie on disk and will
    > >> persist for 50 years.
    > >>
    > >> By setting it to false, it doesn't write the cookie.
    > >>
    > >> The timeout parameter is how long it will last while the browser is open.
    > >> This apparently gets reset if you go to another page before the timeout
    > >> period.
    > >>
    > >> Thanks,
    > >>
    > >> Tom
    > >> >
    > >> >
    > >> >
    > >> >
    > >> >
    > >> >
    > >> > "tshad" wrote:
    > >> >
    > >> >> I did find that I can find the cookie in Mozilla in preferences.
    > >> >>
    > >> >> The problem is the expiration time appears to be: Wednesday, January
    > >> >> 13,
    > >> >> 2055 4:06:51 PM
    > >> >>
    > >> >> 2055?????
    > >> >>
    > >> >> Default is 30 minutes.
    > >> >>
    > >> >> Am I missing something?
    > >> >>
    > >> >> Thanks,
    > >> >>
    > >> >> Tom.
    > >> >> "tshad" <> wrote in message
    > >> >> news:uTgkctc%...
    > >> >> >I am trying to get my authentication to work and want the timeout to
    > >> >> >be
    > >> >> >30
    > >> >> >minutes, but only while the browser is active. If the browser
    > >> >> >closes, I
    > >> >> >want the cookie to disappear.
    > >> >> >
    > >> >> > Is this possible?
    > >> >> >
    > >> >> > The 2 web configs are set as:
    > >> >> >
    > >> >> > *******************************
    > >> >> > <system.web>
    > >> >> > <authentication mode="Forms">
    > >> >> > <forms name="staffing"
    > >> >> > loginUrl="/development/staffing/logon.aspx"
    > >> >> > protection="All"
    > >> >> > path="/" />
    > >> >> > </authentication>
    > >> >> > </system.web>
    > >> >> > *********************************
    > >> >> >
    > >> >> > ***********************************
    > >> >> > <configuration>
    > >> >> > <system.web>
    > >> >> > <authorization>
    > >> >> > <deny users="?" />
    > >> >> > </authorization>
    > >> >> > </system.web>
    > >> >> > </configuration>
    > >> >> > **************************************
    > >> >> >
    > >> >> > My problem is during testing the cookie gets turned on and I have to
    > >> >> > wait
    > >> >> > until the timeout stops.
    > >> >> >
    > >> >> > Is there a way I can manully delete the cookie?
    > >> >> >
    > >> >> > Where would it be located when the 'path="/"'?
    > >> >> >
    > >> >> > Thanks,
    > >> >> >
    > >> >> > Tom.
    > >> >> >
    > >> >>
    > >> >>
    > >> >>
    > >>
    > >>
    > >>

    >
    >
    >
    =?Utf-8?B?UGF0cmljay5PLklnZQ==?=, Jan 14, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. .NET Follower

    Meaning Of Timeout in FormsAuthentication???

    .NET Follower, Feb 6, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    346
    .NET Follower
    Feb 6, 2004
  2. Danny
    Replies:
    1
    Views:
    1,320
    Craig Deelsnyder
    Jun 17, 2004
  3. =?Utf-8?B?Q3JhaWc=?=

    formsauthentication timeout & session timeout

    =?Utf-8?B?Q3JhaWc=?=, Aug 10, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    2,623
    =?Utf-8?B?RU5JWklO?= .enizin.net>
    Aug 10, 2005
  4. _Who
    Replies:
    7
    Views:
    2,610
  5. Mark Probert

    Timeout::timeout and Socket timeout

    Mark Probert, Oct 6, 2004, in forum: Ruby
    Replies:
    1
    Views:
    1,250
    Brian Candler
    Oct 6, 2004
Loading...

Share This Page