S
Simon Harvey
Hi All,
I'm hoping somebody could help me with the following problem.
I'm using forms authentication and the user is getting authenticated no
problem. Once authenticated the user can look at all the appropriate
pages and so on.
When the user is inactive for a set period of time, I want their
authentication ticket to expire. As I understand it, the next time the
user attempts to access the site after this has happened, the user
should be redirected to the login page. The problem is, this isn't
happening. I've set the time out for the cookie to the test value of 1
min in both the web config file and in code but the user is still
allowed to look around after 1 minute has elapsed. I can't figure out
why though.
In the Web Config file I have:
<authentication mode="Forms">
<forms name="QRVMToken" timeout="1" loginUrl="Login.aspx"
defaultUrl="Secure/Default.aspx"/>
</authentication>
Then in code I have:
// Create a ticket to expire in 1 minute
ticket = new FormsAuthenticationTicket(1, currentUser.QualifiedUsername,
DateTime.Now, DateTime.Now.AddMinutes(1), false, "",
FormsAuthentication.FormsCookiePath);
secureTicket = FormsAuthentication.Encrypt(ticket);
// Add to the cookie collection
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
secureTicket));
// Redirect from Login
FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, false);
I'm not sure but I think the problem might be something to do with the
redirect from login bit because as I understand it, that method also
adds a cookie and so maybe screwing with the one I've already attached.
The reason why I actually make one is because there doesnt seem to be
anyway to set the expiration of the RedirectFromLoginPage cookie
If anyone could offer some assistance on this I would be very very grateful
Kindest Regards
Simon
I'm hoping somebody could help me with the following problem.
I'm using forms authentication and the user is getting authenticated no
problem. Once authenticated the user can look at all the appropriate
pages and so on.
When the user is inactive for a set period of time, I want their
authentication ticket to expire. As I understand it, the next time the
user attempts to access the site after this has happened, the user
should be redirected to the login page. The problem is, this isn't
happening. I've set the time out for the cookie to the test value of 1
min in both the web config file and in code but the user is still
allowed to look around after 1 minute has elapsed. I can't figure out
why though.
In the Web Config file I have:
<authentication mode="Forms">
<forms name="QRVMToken" timeout="1" loginUrl="Login.aspx"
defaultUrl="Secure/Default.aspx"/>
</authentication>
Then in code I have:
// Create a ticket to expire in 1 minute
ticket = new FormsAuthenticationTicket(1, currentUser.QualifiedUsername,
DateTime.Now, DateTime.Now.AddMinutes(1), false, "",
FormsAuthentication.FormsCookiePath);
secureTicket = FormsAuthentication.Encrypt(ticket);
// Add to the cookie collection
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
secureTicket));
// Redirect from Login
FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, false);
I'm not sure but I think the problem might be something to do with the
redirect from login bit because as I understand it, that method also
adds a cookie and so maybe screwing with the one I've already attached.
The reason why I actually make one is because there doesnt seem to be
anyway to set the expiration of the RedirectFromLoginPage cookie
If anyone could offer some assistance on this I would be very very grateful
Kindest Regards
Simon