Windows 2003 Server, Web Farm, Forms Authentication, SlidingExpiration

Discussion in 'ASP .Net Security' started by rmgalante@galaware.com, Oct 4, 2007.

  1. Guest

    I have a web farm with 3 machines running windows 2003 server. I am
    running an asp.net 2.0 application that uses forms authentication. My
    authentication cookie uses sliding expiration and has a timeout of 15
    minutes. My session has a timeout of 20 minutes. Session state is
    maintained in a Sql Server 2005 database.

    My site works with anonymous and authenticated users. Anonymous users
    can search for information and purchase products. Authenticated users
    are administrators that configure the database with an administrative
    menu of scripts.

    My web.config has the following configuration in web.config.

    <authentication mode="Forms">
    <forms cookieless="AutoDetect" slidingExpiration="true" timeout="15"/
    >

    </authentication>

    I thought that as long as the authenticated user is viewing pages, the
    sliding expiration will keep resetting the authentication cookie's
    timeout. The admin section uses meta tags in the header of each page
    that refresh at 19.5 minutes intervals (0.5 minutes before the session
    timeout). This way I can log the user out before the one session
    variable I use for UserId gets deleted.

    But I am seeing the anonymous users getting redirected to the login
    page. These pages do not have the refresh meta tag. And the users are
    not logged in. Why are they getting redirected to the Login page.

    Is it possible that an administrative user who logs out still has a
    cookie in their browser? And if that administrative user surfs the
    site as an anonymous user afterwards, the cookie is still detected,
    and it expires in 15 minutes?

    I need to get to the bottom of this issue. I can't have anonymous
    users redirected to a login page.
     
    , Oct 4, 2007
    #1
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Pete
    Replies:
    1
    Views:
    574
  2. Eric
    Replies:
    2
    Views:
    1,765
    Tommy
    Feb 13, 2004
  3. coollzh
    Replies:
    0
    Views:
    1,375
    coollzh
    May 18, 2004
  4. Juan T. Llibre [MVP]
    Replies:
    4
    Views:
    3,320
    Patrick Olurotimi Ige
    Dec 9, 2004
  5. Pete
    Replies:
    0
    Views:
    203
  6. Dan Key

    Forms Authentication with Server Farm

    Dan Key, Dec 12, 2003, in forum: ASP .Net Security
    Replies:
    1
    Views:
    236
    Holly Mazerolle
    Dec 12, 2003
  7. Eric
    Replies:
    2
    Views:
    906
  8. Rohit
    Replies:
    0
    Views:
    196
    Rohit
    Nov 21, 2003
Loading...