cookie timeout


J

jbhabion

Hello,

I am developping some webpages where our PDA-user can access some
company information. Our webserver has asp.net 1.1 installed.

Users can login and access the information, after a period of non-
activity the session should expire and the user has to login again. I
tried to do this with the following web.config.

<configuration>
<system.web>
<sessionState timeout="20" />
<authentication mode="Windows">
<forms name=".ComapanyCookie" loginUrl="login.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

When accessing the site there appears a pop-up and we can login.
However the session never expires. I was told this has something to do
with a persistent cookie that defaults to a timeout of 50 years.

What do I have to do get the time-out of 20 minutes.

Thanks,

John
 
Ad

Advertisements

G

Guest

Hello,

I am developping some webpages where our PDA-user can access some
company information. Our webserver has asp.net 1.1 installed.

Users can login and access the information, after a period of non-
activity the session should expire and the user has to login again. I
tried to do this with the following web.config.

<configuration>
 <system.web>
    <sessionState timeout="20" />
    <authentication mode="Windows">
       <forms name=".ComapanyCookie" loginUrl="login.aspx" />
    </authentication>
    <authorization>
       <deny users="?" />
    </authorization>
 </system.web>
</configuration>

When accessing the site there appears a pop-up and we can login.
However the session never expires. I was told this has something to do
with a persistent cookie that defaults to a timeout of 50 years.

What do I have to do get the time-out of 20 minutes.

Thanks,

John

When you have authentication mode set to "Windows" why do you need to
"login" user again? Your web.config file has forms attribute which is
for custom Forms-based authentication.

http://msdn.microsoft.com/en-us/library/532aee0e.aspx
 
J

jbhabion

Hello Alexey,

I agree, ther forms attribute is not needed. A call to login.aspx is
never made since I changed from Forms to Windows. Windows
Authentication uses it's own pop-up window.

Problem is when used in there is no time-out, how can I change my code
so the specified time-out is used.

John
 
Ad

Advertisements

G

Guest

Hello Alexey,

I agree, ther forms attribute is not needed. A call to login.aspx is
never made since I changed from Forms to Windows. Windows
Authentication uses it's own pop-up window.

Problem is when used in there is no time-out, how can I change my code
so the specified time-out is used.

John

Hi John,

If you have already logged on to Windows, and the browser is
configured to automatically send credentials, Integrated Windows
authentication uses your logon information to authenticate you, so it
won't prompt you for a username and password. To force a logon dialog
try to send HTTP 401 message

Response.StatusCode = 401;
Response.StatusDescription = "Unauthorized";
Response.End();

How to detect a timeout
http://www.google.com/search?hl=en&q=detect+timeout+asp.net

Hope this helps
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top