Forms Authentication timeout and session time out are different and independent of each other
Hi

Here is something I came across that was very interesting. In ASP.NET we can set the timeout for both Forms Authentication and Session state, and these two values are independent of each other.

Hence the Forms Authentication timeout can be greater than the Session timeout.

[Note: there is a difference in version 2.0 from v1.x: the cookie expiry (timeout) value is now applied to both the persistent and the non-persistent setting (previously it was used only in the non-persistent case, and the persistent duration was simply hard-coded to a very long time).]

Although it’s a little bit hard for me to understand how you can time out a persistent cookie and still call it persistent.

Now when we configure Forms Authentication (in web.config and in code) we can set the second parameter of SetAuthCookie. This indicates whether the browser should save the cookie persistently or expire it when the browser shuts down.

So we can have

FormsAuthentication.SetAuthCookie("VikramLakhotia", true);

Or

FormsAuthentication.SetAuthCookie("VikramLakhotia", false);

In the first case the cookie will persist; in the second case it will not.

So what is interesting about this?

Here is what is interesting. Let's say we are using Forms Authentication with SetAuthCookie(..., true) (the first scenario).

Now if I log in to the site, close the browser, start a new browser (not Ctrl+N or File -> New, which only open a new window of the running browser) and go to the same site, you would expect to have to log in again, but that is not the case. Although each independently started browser creates a new session, you will still find yourself logged in. The reason is the second parameter of SetAuthCookie: we left it true, which means the cookie survives the browser restart. So if you want Forms Authentication to force a new login every time a browser starts, use the second option (false). Otherwise, you can add a check in the Session_Start event to see whether the user is authenticated; if so, load the session data again for that user.
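The Session_Start check described above, written out as an added example (this is not code from the original post). It assumes a hypothetical UserProfileStore.Load helper that returns whatever per-user data the application normally keeps in Session, and a login helper that defaults to a non-persistent cookie so a login does not outlive the browser unless the user explicitly asks for that.

```csharp
// Global.asax.cs (added example). Matching web.config (example values):
//   <authentication mode="Forms"><forms timeout="60" slidingExpiration="true"/></authentication>
//   <sessionState timeout="20"/>
// i.e. the forms timeout is longer than the session timeout, the case the post describes.
using System;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Fires once per new session, including the fresh session a newly
    // started browser gets while a persistent forms cookie is still valid,
    // and the fresh session created after Session state expired before the
    // forms ticket did.
    protected void Session_Start(object sender, EventArgs e)
    {
        HttpContext ctx = HttpContext.Current;

        // Forms Authentication validates the ticket during AuthenticateRequest,
        // which runs before Session_Start, so IsAuthenticated reflects the cookie.
        if (ctx.User != null && ctx.User.Identity.IsAuthenticated)
        {
            string userName = ctx.User.Identity.Name;

            // Auth cookie valid but Session empty: rebuild the session data
            // instead of letting authenticated code paths run with nothing in it.
            ctx.Session["UserName"] = userName;
            ctx.Session["Profile"] = UserProfileStore.Load(userName); // hypothetical helper
        }
    }
}

public static class LoginHelper
{
    // Issue the forms ticket after credentials have been verified.
    // Non-persistent by default (cookie dropped when the browser closes);
    // a persistent cookie only when the user explicitly ticked "remember me".
    public static void SignIn(string userName, bool rememberMe = false)
    {
        FormsAuthentication.SetAuthCookie(userName, rememberMe);
    }
}
```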

[Note: the default timeout for Forms Authentication has been changed to 30 minutes in ASP.NET 2.0.]

Hope this Helps
Thanks
Vikram


Copyright © 2006 - 2009 Vikram Lakhotia