FormsAuthentication Timeout not reset

Discussion in 'ASP .Net Security' started by Chuck, Sep 29, 2009.

  1. Chuck

    Chuck Guest

    I'm using forms authentication with a 50 minute timeout and sliding expiration.
    The ticket expiration value is not being reset after greater than 25
    minutes. I have session variables turned off.
    I'm using roles and have the same experience whether I use role cookies or
    No async postbacks on the page.

    I setup an nUnit test which postsbacks the page every minute.
    I log the authentication ticket expiration time value every post.

    The ticket.Expiration value is not changing.
    After 50 minutes I am redirected to the login page.
    Chuck, Sep 29, 2009
    1. Advertisements

  2. Hi,

    I did a test following your description but I cannot reproduce this
    problem. For test purpose I set timeout to one minute. Then I click the
    button every few seconds. 30 seconds elapsed after the first page load and
    the expire time is updated on the next postback. My test code is like below:


    protected void Page_Load(object sender, EventArgs e)
    FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
    var expire= id.Ticket.Expiration;
    Response.Write("expiration:" + expire);


    <form id="form1" runat="server">

    <input id="time" />
    <asp:Button ID="Button1" runat="server" Text="Button" />

    <script type="text/javascript">
    var seconds = 0;
    function timedMsg() {
    document.getElementById("time").value = seconds;
    var t = setTimeout("timedMsg()", 1000);
    var d = new Date();

    var curr_hour = d.getHours();
    var curr_min = d.getMinutes();
    var curr_sec=d.getSeconds();
    document.write(curr_hour + " : " + curr_min + ":" + curr_sec);



    <forms loginUrl="Login.aspx" timeout="1" slidingExpiration="true">


    Could you please create a new project to test the above code? Does it work?

    As far as I know it's unlikely that the internal mechanism of ASP.NET
    breaks. Are you using custom HttpModule for authentication? Please read the
    following article which describes a similar issue:

    Please let me know your test result. We can then work together to do
    further investigation.

    Allen Chen
    Microsoft Online Support

    Delighting our customers is our #1 priority. We welcome your comments and
    suggestions about how we can improve the support we provide to you. Please
    feel free to let my manager know what you think of the level of service
    provided. You can send feedback directly to my manager at:

    Get notification to my posts through email? Please refer to

    Note: MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 2 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions. Issues of this
    nature are best handled working with a dedicated Microsoft Support Engineer
    by contacting Microsoft Customer Support Services (CSS) at
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Allen Chen [MSFT], Sep 30, 2009
    1. Advertisements

  3. Chuck

    Chuck Guest


    We are sharing the FormsAuthentication cookies across servers.
    We found the sliding timeout does not work unless you set the optional Forms
    Authentication parameter for domain (which overrides the cookie domain).

    Don't know why but that setting fixed it.
    Chuck, Oct 5, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.