Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / General / July 2005

Tip: Looking for answers? Try searching our database.

Forms authorization cookie always set to expire in 2055?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Amil - 22 Jul 2005 16:33 GMT
I'm using Forms authorization.  In my <forms> section I have timeout="30",
but when I examine the cookie, it shows it expiring in 2055?  Why?

  <authentication mode="Forms">
     <forms
        loginUrl="/login.aspx"
        protection="All"
        timeout="30"
        path="/">
        <credentials passwordFormat="Clear">
           <user name="guest" password="xxxxxxx" />
        </credentials>
     </forms>
   </authentication>
Reply to this Message
Brock Allen - 22 Jul 2005 17:00 GMT
Because they hard coded it to expire after 50 years. You can change that
(albeit manually).

-Brock
DevelopMentor
http://staff.develop.com/ballen

> I'm using Forms authorization.  In my <forms> section I have
> timeout="30", but when I examine the cookie, it shows it expiring in
[quoted text clipped - 11 lines]
> </forms>
> </authentication>
Reply to this Message
Amil - 22 Jul 2005 17:18 GMT
So, what good is setting the "timeout" value in the <form> section?  Maybe
you didn't read my post accurately.

> Because they hard coded it to expire after 50 years. You can change that
> (albeit manually).
[quoted text clipped - 18 lines]
>> </forms>
>> </authentication>
Reply to this Message
Brock Allen - 22 Jul 2005 17:40 GMT
The timeout is used when it's not a persistent cookie. IOW, the boolean parameter
to FormsAuthentication.SetAuthCookie. The docs cover this (except where it
says "Persistent cookies do not time out.". They do time out after 50 years,
as you discovered):

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/g
ngrfforms.asp

-Brock
DevelopMentor
http://staff.develop.com/ballen

> So, what good is setting the "timeout" value in the <form> section?
> Maybe you didn't read my post accurately.
[quoted text clipped - 20 lines]
>>> </forms>
>>> </authentication>
Reply to this Message
Amil - 22 Jul 2005 23:14 GMT
Ahh...yes...now I see.  I set the persistant parameter to false and now it
works.  Thanks.

Amil

> The timeout is used when it's not a persistent cookie. IOW, the boolean
> parameter to FormsAuthentication.SetAuthCookie. The docs cover this
[quoted text clipped - 31 lines]
>>>> </forms>
>>>> </authentication>
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.