forms authentication ticket expiration problem

Discussion in 'ASP .Net Security' started by tparks69, Feb 17, 2005.

  1. tparks69

    tparks69 Guest

    I have set up forms based authentication according to the KB article
    (http://support.microsoft.com/kb/308157/EN-US/) using the
    FormsAuthenticationTicket based method. I have the timeout parameter set to
    "2" in web.config, and also in the code that creates the ticket. When I
    refresh default.aspx after waiting 2 minutes, I should get bounced back to
    loginform.aspx, but it doesn't happen. Can anyone tell me why? Code below:

    From web.config:
    *************
    <authentication mode="Forms">
    <forms name="MyApp011" path="/" loginUrl="LoginForm.aspx"
    protection="All" timeout="2"></forms>
    </authentication>
    <authorization>
    <deny users="?" />
    </authorization>

    *************

    From loginform.aspx:
    ****************
    tkt = New FormsAuthenticationTicket(1, txtUserId.Value, DateTime.Now(), _
    DateTime.Now.AddMinutes(2), chkPersistCookie.Checked, "your
    custom data")
    cookiestr = FormsAuthentication.Encrypt(tkt)
    ck = New HttpCookie(FormsAuthentication.FormsCookieName(),
    cookiestr)
    If (chkPersistCookie.Checked) Then ck.Expires = tkt.Expiration
    ck.Path = FormsAuthentication.FormsCookiePath()
    Response.Cookies.Add(ck)
    ***************

    Any suggestions greatly appreciated.

    Tom
     
    tparks69, Feb 17, 2005
    #1
    1. Advertisements

  2. tparks69

    PL Guest

    Try setting slidingExpiration="false" in the <forms ..>

    PL.
     
    PL, Feb 17, 2005
    #2
    1. Advertisements

  3. tparks69

    tparks69 Guest

    That seems to have done it. Thanks!

     
    tparks69, Feb 17, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.