Sessions and Forms Authentication Cookie

Discussion in 'ASP .Net' started by Bijoy Naick, Nov 16, 2004.

  1. Bijoy Naick

    Bijoy Naick Guest

    I have a folder on my site secured with Forms Authentication. After the user
    is authenticated, I set a session level variable.

    The session time on the server is set to 20 mins. I am guessing the default
    expiry time for the Forms Authentication cookie is 30 mins? Is this correct?

    So after 20 mins, the session expires (assuming no user activity), but
    because the forms auth cookie is still alive, users are not redirected to
    the login page. The other pages are not able to read the session level
    variable cuz the session has already expired.

    How do I go about changing the forms cookie expiry time? I've seen a timeout
    attribute to the forms tag that is used in Web.Config.. Is this what I
    should be using?
    Bijoy Naick, Nov 16, 2004
    1. Advertisements

  2. Bijoy Naick

    George Durzi Guest

    You can also set the expiration time of the forms authentication cookie in
    your web.config file.
    I set it so it's the same as my session timeout.
    George Durzi, Nov 16, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.