FormsAuthentication cookies timeout

[tshad]

I am trying to get my authentication to work and want the timeout to be 30
minutes, but only while the browser is active. If the browser closes, I
want the cookie to disappear.

Is this possible?

The 2 web configs are set as:

*******************************
<system.web>
<authentication mode="Forms">
<forms name="staffing"
loginUrl="/development/staffing/logon.aspx"
protection="All"
path="/" />
</authentication>
</system.web>
*********************************

***********************************
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
**************************************

My problem is during testing the cookie gets turned on and I have to wait
until the timeout stops.

Is there a way I can manully delete the cookie?

Where would it be located when the 'path="/"'?

Thanks,

Tom.

 

[tshad]

I did find that I can find the cookie in Mozilla in preferences.

The problem is the expiration time appears to be: Wednesday, January 13,
2055 4:06:51 PM

2055?????

Default is 30 minutes.

Am I missing something?

Thanks,

Tom.

 

[Guest]

hi tshad..
in ur web.config the default timeout is 20mins.
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>
Why don't u change it to ur taste..
Hope it helps
Patrick

 

[tshad]

hi tshad..
in ur web.config the default timeout is 20mins.
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>

That is what I am trying to do.

I want to use forms Authentication to control access to my pages and I am
finding that my cookies have an expiration date of 50 years from now (no
matter what I set the timeout field to - maybe this field will not help me).

I would actually like the cookie (or session cookie) for each person to
disapear when they leave the browser. But I also want to make sure that if
the browser is left on for more that some time (say 20 minutes), they have
to log on again.

I was looking on the MS site about cookies and they say that the expiration
date is pointless - it is either there or it isn't. The expiration field is
for information only.

So what good is the timeout?

Tom

 

[Guest]

in ur web.config ..in the forms TAG
whats the name of the Cookie?
In ur code how are u adding the cookie..
Or u didn't specify it at all(but at the same time Forms Auth needs it!!)

 

[tshad]

in ur web.config ..in the forms TAG
whats the name of the Cookie?
In ur code how are u adding the cookie..
Or u didn't specify it at all(but at the same time Forms Auth needs it!!)

Found it.

The problem was that I was passing true as the 2nd argument in
RedirectFromLoginPage. This says to save the cookie on disk and will
persist for 50 years.

By setting it to false, it doesn't write the cookie.

The timeout parameter is how long it will last while the browser is open.
This apparently gets reset if you go to another page before the timeout
period.

Thanks,

Tom

 

[Guest]

Well Tom..
Nice u got the stuff urself
No worries..
Patrick
**But remember the tiemout in Web.Config overrides the one in IIS**
(Tested it myself)

 

[tshad]

Well Tom..
Nice u got the stuff urself
No worries..
Patrick
**But remember the tiemout in Web.Config overrides the one in IIS**
(Tested it myself)

Yes, it is great to find it myself as I will probably remember it better.
But sometimes you just can't find it.

Is the IIS one, the 20 minutes you mentioned?

Thanks,

Tom

 

[Guest]

Yeah the Timeouts in Web.config overrides.
Patrick