Reputation: 2953
Control of user session with ASPXAUTH cookie and asp.net_sessionID cookies
If I have an ASPXAUTH cookie set as a session cookie, timeout 10 minutes, but no asp.net_sessionID cookie, will the user timeout in a) ten minutes from login b) ten minutes from their last request to the server
Will this behaviour change if I also send an asp.net_sessionID cookie?
This is for a JSON service built on a Sitecore backend providing content for a native iPad app.
Upvotes: 3
Views: 1932
Answers (1)
Reputation: 2077
The aspxauth cookie timeout is from the time the last request was received.
Timeout
Specifies the time, in integer minutes, after which the cookie expires. If the SlidingExpiration attribute is true, the timeout attribute is a sliding value, expiring at the specified number of minutes after the time that the last request was received.
See the msdn link for details
The ASP.NET_SessionId cookie is used to track session state, its unrelated to the ASPXAUTH cookie which is purley for authentication purposes.
Upvotes: 5
Related Questions
- ASP.NET Core Identity & Cookies
- How to secure the ASP.NET_SessionId cookie?
- ASP.NET Core MVC Session Auth cookies
- .netcore Session Secure cookie
- Login in ASP.NET
- Sharing ASP.NET_SessionId and .ASPXAUTH cookie security risk
- ASP.NET How to Use SESSION and Cookies together?
- Cookies and session in asp.net
- session,cookies in asp.net c#
- ASP.Net session and cookies for keeping someone logged in