Costa
Costa

Reputation: 4095

Session timeout vs Form Authentication timeout

What is the difference between a abandon Session and a cookie timeout, what if the session is abandon and the cookie is still alive, is that can lead to a problem?

<sessionState timeout="1" />

<authentication mode="Forms">
      <forms loginUrl="login.aspx" timeout="1" />
</authentication>

Thanks

Upvotes: 3

Views: 721

Answers (1)

Brian Mains
Brian Mains

Reputation: 50728

I don't believe that leads to a problem. Session timeout is specific to the session state mechanism, but for forms, the timeout is specific to the cookie that retains the user's credentials.

In an app of mine, the user is still logged in as the session times out, but once the auth cookie times out, the user has to log in again.

HTH.

Upvotes: 1

Related Questions