problem with slidingExpiration

[Alessandro Zucchi]

Hi all,
I'm trying to use Forms authentication with slidingExpiration option set to
true since I want permit users to stay logged in when they use the web
application. Only idle timeout must logged out the users.

***********************************************************
Follow the code:

string CF="ZCCLSN70R21C816A";
int expiration=2;
DateTime dt= DateTime.Now;
DateTime dte=dt.AddMinutes(expiration);
FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(CF,false,
expiration);

//cripto l'authentication ticket
string cookiestr = FormsAuthentication.Encrypt(tkt);
//creo il cookie
HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName,
cookiestr);
//aggiungo il cookie
//ck.Expires=tkt.Expiration;
Response.Cookies.Set(ck);

***********************************************
Follow Web.config
<!--Pagina di login-->
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="miocook" protection="All" path="./"
timeout="2" slidingExpiration="true" />
</authentication>

<authorization>
<deny users ="?" />
<allow users = "*" />
</authorization>

<sessionState
mode="StateServer"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="30"
/>
**********************************************************
The problem is that after 2 minutes, also if I use the application, the
cookie expire.
It look to me that the flag slidingExpiration has no effect.

Anyone can help me ?
By

 

[Hernan de Lahitte]

I think you should use the typical "RedirectFromLoginPage()" so you allow
the Forms Auth internal data to initialize appropriately.
For your scenario, this would be something like the sample below:

RedirectFromLoginPage(CF, false)

This may replace all your ticket/cookie stuff and will actually use your
config settings as well.

 

[Alessandro Zucchi]

Hi Hernan,

I tried your solution , but doesn't run. Follow the complete code.
********************************************************
string CF="ZCCLSN70R21C816A";
FormsAuthentication.Initialize();
Response.Cookies.Clear();
//Creo il ticket
int expiration=2;
DateTime dt= DateTime.Now;
DateTime dte=dt.AddMinutes(expiration);
FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(CF,false,
expiration);

//cripto l'authentication ticket
string cookiestr = FormsAuthentication.Encrypt(tkt);

//creo il cookie
HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName,
cookiestr);
//aggiungo il cookie
//ck.Expires=tkt.Expiration; //NON SERVE NEI "NON PERSINSTANCE COOKIES"
Response.Cookies.Set(ck);

//Redirec on protected page
FormsAuthentication.RedirectFromLoginPage(CF, false); // Target on protected
page.
//Response.Redirect("./path/relpath.aspx",true);
**********************************************************
After 2 minutes the user is logged out also if I use the application
(multiple refresh on protected page).

By

 

[Hernan de Lahitte]

Check out the path attribute in your config file. It should be "/" (without
dot ".")

On the other hand, if you are using .NET Framework v.1.1 SP2, notice that
the criteria to renew the ticket when slidingExpiration is turned on is
something like this:

If elapsedTime <= TTL / 2 Then renew Otherwise use the current ticket.

In other words, if the elapsed time since ticket creation is greater then
half the ticket timeout (in your scenario would be 1 minute) the the ticket
won't be renewed. Otherwise a new ticket will be granted with a fresh
timeout (2 mins in your case).
Summarizing, if you hit your page after 1 minute, it won't extend your Forms
session lifetime regardless your slidingExpiration setting.


-
Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

 

[Alessandro Zucchi]

Thank you.
The problem was "./" instead of "/".
Now all run.
Bye