cookie timeout

J

jbhabion

Hello,

I am developping some webpages where our PDA-user can access some
company information. Our webserver has asp.net 1.1 installed.

Users can login and access the information, after a period of non-
activity the session should expire and the user has to login again. I
tried to do this with the following web.config.

<configuration>
<system.web>
<sessionState timeout="20" />
<authentication mode="Windows">
<forms name=".ComapanyCookie" loginUrl="login.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

When accessing the site there appears a pop-up and we can login.
However the session never expires. I was told this has something to do
with a persistent cookie that defaults to a timeout of 50 years.

What do I have to do get the time-out of 20 minutes.

Thanks,

John
 
G

Guest

Hello,

I am developping some webpages where our PDA-user can access some
company information. Our webserver has asp.net 1.1 installed.

Users can login and access the information, after a period of non-
activity the session should expire and the user has to login again. I
tried to do this with the following web.config.

<configuration>
 <system.web>
    <sessionState timeout="20" />
    <authentication mode="Windows">
       <forms name=".ComapanyCookie" loginUrl="login.aspx" />
    </authentication>
    <authorization>
       <deny users="?" />
    </authorization>
 </system.web>
</configuration>

When accessing the site there appears a pop-up and we can login.
However the session never expires. I was told this has something to do
with a persistent cookie that defaults to a timeout of 50 years.

What do I have to do get the time-out of 20 minutes.

Thanks,

John
Click to expand...

When you have authentication mode set to "Windows" why do you need to
"login" user again? Your web.config file has forms attribute which is
for custom Forms-based authentication.

http://msdn.microsoft.com/en-us/library/532aee0e.aspx
 
J

jbhabion

Hello Alexey,

I agree, ther forms attribute is not needed. A call to login.aspx is
never made since I changed from Forms to Windows. Windows
Authentication uses it's own pop-up window.

Problem is when used in there is no time-out, how can I change my code
so the specified time-out is used.

John
 
G

Guest

Hello Alexey,

I agree, ther forms attribute is not needed. A call to login.aspx is
never made since I changed from Forms to Windows. Windows
Authentication uses it's own pop-up window.

Problem is when used in there is no time-out, how can I change my code
so the specified time-out is used.

John
Click to expand...

Hi John,

If you have already logged on to Windows, and the browser is
configured to automatically send credentials, Integrated Windows
authentication uses your logon information to authenticate you, so it
won't prompt you for a username and password. To force a logon dialog
try to send HTTP 401 message

Response.StatusCode = 401;
Response.StatusDescription = "Unauthorized";
Response.End();

How to detect a timeout
http://www.google.com/search?hl=en&q=detect+timeout+asp.net

Hope this helps
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Cannot set timeout with asp.net 1.1 over than 20 minutes 5
What am I doing wrong with authentication? 3
Restrict access to Classic ASP pages in web.config 2
Forms timeout, Session timeout 0
Non persistent cookie timeout? 8
timeout 5
Timeout not working for Formauthentication 1
Authentication Ticket Timeout 5

Members online

Total: 39 (members: 2, guests: 37)
Robots: 428

Forum statistics

Threads
473,755
Messages
2,569,536
Members
45,014
Latest member
BiancaFix3

Latest Threads

Top