No cookie timeout in forms authentication

S

Sebastien Roeckel

Hello

I have a problem with the authentication cookie timeout in a forms
authentication.

I've developed a Web application that uses forms authentication.
My web.config is configured for the authentication cookie to expire
after 30 minutes.
The login page asks for the user's credentials and if OK, writes the
authentication cookie (through the
FormsAuthentication.RedirectFromLoginPage method).

First I checked the presence of the cookie in a base page from which
all my web pages are derived --> the cookie timeout is correctly
handled (if nothing is done on the web site during 30 minutes, an
action on the web site redirects me to the login page).

Then I moved the cookie's presence verification from the base page to
the AuthenticateRequest method (in global.asax): by doing so, the
cookie timeout didn't seem to work anymore: I can log to the web site
and let the browser running overnight, the next morning I can browse
on the site as if I had logged in 5 minutes before.

The problem seems to come from the verification done in the
AuthenticateRequest method: has anybody an idea or can anybody help ?

Thank you very much
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Forms authentication cookie handling question (C#) 4
cookie timeout 3
Forms Authentication-timeout 0
Problem with Forms Authentication Cookie & Server 2003 2
Forms timeout, Session timeout 0
Forms Authentication - how to read timeout? 1
Forms Authentication and session timeout 0
Forms Authentication non-persistent cookie not expiring after closingthe browser 3

Members online

No members online now.
Total: 18 (members: 0, guests: 18)
Robots: 363

Forum statistics

Threads
473,755
Messages
2,569,536
Members
45,014
Latest member
BiancaFix3

Latest Threads

Top