B
bashful.belle
I'm using Forms authentication and a non persistent cookie in my
asp.net application.
How do i get the cookie to time out after a period of inactivity, say
10 minutes, and force the user to login again?
If I close the browser, the next time I use the application, it makes
me log in - and That's fine.
However if I keep the browser session open, it keeps my login valid for
as long as the browser is open - I want it to time out.
Specifying the timeout value in the web.config seems to have no effect.
any pointers? Code appended. Thanks!
<authentication mode="Forms">
<forms loginUrl="logon.aspx" name = "portal" timeout="10"
slidingExpiration="true" protection="All" path="/">
</forms>
</authentication>
// Create the authetication ticket
FormsAuthenticationTicket authTicket = new
FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now,
DateTime.Now.AddMinutes(10),false, "");
// Now encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket
HttpCookie authCookie = new
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
Session.Add("Login", txtUserName.Text);
Session.Add("Group",Group);
Page.SmartNavigation = false;
//Redirect the user to the originally requested page
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserName.Text,false));
asp.net application.
How do i get the cookie to time out after a period of inactivity, say
10 minutes, and force the user to login again?
If I close the browser, the next time I use the application, it makes
me log in - and That's fine.
However if I keep the browser session open, it keeps my login valid for
as long as the browser is open - I want it to time out.
Specifying the timeout value in the web.config seems to have no effect.
any pointers? Code appended. Thanks!
<authentication mode="Forms">
<forms loginUrl="logon.aspx" name = "portal" timeout="10"
slidingExpiration="true" protection="All" path="/">
</forms>
</authentication>
// Create the authetication ticket
FormsAuthenticationTicket authTicket = new
FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now,
DateTime.Now.AddMinutes(10),false, "");
// Now encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket
HttpCookie authCookie = new
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
Session.Add("Login", txtUserName.Text);
Session.Add("Group",Group);
Page.SmartNavigation = false;
//Redirect the user to the originally requested page
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserName.Text,false));