How to achieve SlidingExpiration with Cookieless Authentication? Is it possible

Question

is it possible to achieve sliding expiration using cookieless authentication in asp.net. Here is my web.config authentication section:

 <authentication mode="Forms">
   <forms loginUrl="login.aspx"
          protection="All"
           timeout="2880"
           name=".USERLOGINCONTROLAUTH"
           path="/"
           requireSSL="false"
           slidingExpiration="true"
           defaultUrl="login.aspx"
           cookieless="false"
           enableCrossAppRedirects="false"/>
  </authentication>

I've tried setting slidingExpiration attribute to true but no luck. Later I also went through MSDN documentation and it says it extends the timeout of valid cookies. Please help. Thanks a lot in advance !

Answer 1

Based on what I see in the MSDN documentation the only valid settings for the cookieless attribute are UseUri, UseCookies, AutoDetect and UseDeviceProfile. Additionally I found this post that suggests that you should not slide your expiration without cookies.

The problem is that with cookieless forms authentication, the ticket is actually part of the Url. When the timeout is updated in the ticket, that means the serialized text representation of the ticket also changes. As a result we need to change the Url itself to reflect the new value. Unlike cookies, you can’t rewrite a Url on the server and have the client transparently pick up the new Url. Instead you have to force a redirect because the redirect forces the browser to reload the document and update the Url that you see in the address bar.