Q regarding forms authentication and timeouts

[Mike Hofer]

Okay, so I finally figured out forms authenticaton, to a degree and I
still have one question:

If a user walks away from my application, and the cookie expires, and
then he comes back, does forms authentication automatically force him
back to my logon page? Or does the session just expire? Or does that
depend on whether or not the cookie expires before the IIS session?

Can someone help me out here?

Thanks

 

[Guest]

Actually Asp.net Works on session in two ways. Either CookieLess or Cookie
Based. Now when the yser walks away from your application and cookie expires
it means that session is expired and on coming back to the same website,
forms authentication will force him to go to Login page of your website.

Pls provide feedback so I can know how helpful my post is.

 

[Mike Hofer]

Okay, that makes sense (I think). So let's assume I'm using a
cookie-based session. If the cookie expires in 30 minutes, the user
will always be redirected to my logon page, right?

What happens if I'm not using a cookie? Does my session state just get
invalidated (wiped out)? Becaues that seems to be happening in an
application that I am currently working on that doesn't use forms
authentication. (It's all built from scratch.) I'm not sure if there's
a way that I can retrofit the application to programmatically sense
whether or not the session has expired.