Windows 2003 Server, Web Farm, Forms Authentication, SlidingExpiration

Discussion in 'ASP .Net Security' started by rmgalante@galaware.com, Oct 4, 2007.

  1. Guest

    I have a web farm with 3 machines running windows 2003 server. I am
    running an asp.net 2.0 application that uses forms authentication. My
    authentication cookie uses sliding expiration and has a timeout of 15
    minutes. My session has a timeout of 20 minutes. Session state is
    maintained in a Sql Server 2005 database.

    My site works with anonymous and authenticated users. Anonymous users
    can search for information and purchase products. Authenticated users
    are administrators that configure the database with an administrative
    menu of scripts.

    My web.config has the following configuration in web.config.

    <authentication mode="Forms">
    <forms cookieless="AutoDetect" slidingExpiration="true" timeout="15"/
    >

    </authentication>

    I thought that as long as the authenticated user is viewing pages, the
    sliding expiration will keep resetting the authentication cookie's
    timeout. The admin section uses meta tags in the header of each page
    that refresh at 19.5 minutes intervals (0.5 minutes before the session
    timeout). This way I can log the user out before the one session
    variable I use for UserId gets deleted.

    But I am seeing the anonymous users getting redirected to the login
    page. These pages do not have the refresh meta tag. And the users are
    not logged in. Why are they getting redirected to the Login page.

    Is it possible that an administrative user who logs out still has a
    cookie in their browser? And if that administrative user surfs the
    site as an anonymous user afterwards, the cookie is still detected,
    and it expires in 15 minutes?

    I need to get to the bottom of this issue. I can't have anonymous
    users redirected to a login page.
     
    , Oct 4, 2007
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. coollzh
    Replies:
    0
    Views:
    1,287
    coollzh
    May 18, 2004
  2. milop
    Replies:
    0
    Views:
    393
    milop
    Mar 24, 2008
  3. Dan Key

    Forms Authentication with Server Farm

    Dan Key, Dec 12, 2003, in forum: ASP .Net Security
    Replies:
    1
    Views:
    186
    Holly Mazerolle
    Dec 12, 2003
  4. Alessandro Zucchi

    problem with slidingExpiration

    Alessandro Zucchi, Mar 4, 2005, in forum: ASP .Net Security
    Replies:
    4
    Views:
    258
    Alessandro Zucchi
    Mar 9, 2005
  5. Rohit
    Replies:
    0
    Views:
    140
    Rohit
    Nov 21, 2003
Loading...

Share This Page