Forms Authentication Ticket Reissue

Discussion in 'ASP .Net Security' started by Stefan Leyhane, Mar 28, 2005.

  1. When using Forms Authentication with the SlidingExpiration attribute
    set to 'true', the authentication ticket is reissued sometime after
    half of the timeout value specified has elapsed.

    From the documentation:
    "To prevent compromised performance, and to avoid multiple browser
    warnings for users that have cookie warnings turned on, the cookie is
    updated when more than half the specified time has elapsed."

    How is it possible to trap the ticket reissue? I have not been able
    to find an event where I can catch it (even the Application_EndRequest

    Some more details: I'm using forms authentication with role-based
    security in a manner very close to the way it is documented many
    places such as at "".
    I'm storing the user's roles in the user data of the authentication

    I have the added complication that I need to explicitly set the domain
    on the authentication cookie since I share it with some other
    applications running in other subdomains. For example, if my
    application is running in '', the cookie domain gets set to
    ''. When the authentication ticket is reissued a cookie with
    the '' is being created instead -- causing all sorts of

    Any help is appreciated. Thanks,

    Stefan Leyhane, Mar 28, 2005
    1. Advertisements

  2. What path do you have configured in the path attribute in Forms
    configuration ? (the default "/" perhaps?)

    The ticket renewal will use the same path that you have configured in your
    forms config section or the ccokiepath parameter in RedirectFromLoginPage

    RedirectFromLoginPage(string userName, bool createPersistentCookie, string

    This article ( may
    be of help as well.
    Hernan de Lahitte, Mar 30, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.