learning...

Reputation: 3174

Forms authentication - sliding expiration

I think my sliding expiration is not happening and people keep getting logged out after just a few minutes. Here is my setup: slidingExpiration is set to "true" and timeout I updated to "60" instead of 20 for testing purposes.

<authentication mode="Forms">
  <forms name="Lab.ASPXFORMSAUTH" loginUrl="~/Login" enableCrossAppRedirects="true" cookieless="AutoDetect" domain="lab.org" slidingExpiration="true" protection="All" path="/" timeout="60" />
</authentication>

And here is the login code. If remember me is selected then the ticket expiration time will be one year from now; otherwise it will be 20 mins from now.

private static void LoginUser(User user, bool isRememberMe)
{
    // Forms Authentication
    var expiryDateTime = isRememberMe ? DateTime.Now.AddYears(1) : DateTime.Now.AddMinutes(20);

    var ticket = new FormsAuthenticationTicket(
        1, // Ticket version
        user.UserId, // Username associated with ticket
        DateTime.Now, // Date/time issued
        expiryDateTime, // Date/time to expire  DateTime.Now.AddYears(1)
        isRememberMe, // "true" for a persistent user cookie
        JsonConvert.SerializeObject(user.Roles), // User-data, in this case the roles
        FormsAuthentication.FormsCookiePath); // Path cookie valid for

    // Encrypt the ticket using the machine key for secure transport
    var hash = FormsAuthentication.Encrypt(ticket);
    var cookie = new HttpCookie(
        FormsAuthentication.FormsCookieName, // Name of auth cookie
        hash); // Encrypted ticket

    // Set the cookie's expiration time to the ticket's expiration time
    if (ticket.IsPersistent)
    {
        cookie.Expires = ticket.Expiration;
    }

    // Add the cookie to the list for outgoing response
    HttpContext.Current.Response.Cookies.Add(cookie);
}

Looks like I have some disconnect going on between the web.config and the ticket expiry time. Do you see what I am doing wrong here? Thanks.

Update #1:

Tested the dev site, logged in (FF and Chrome), then refreshed the page after 5 mins and it kept me logged in. Then refreshed the page after 14 mins and it redirected me to the login page.

Tested the prod site (2 servers - load balanced), followed the dev site refresh interval, kept me logged in.

Upvotes: 2

Views: 12545

Answers (1)

learning...

Reputation: 3174

Scott Hanselman has detailed it here.

http://www.hanselman.com/blog/WeirdTimeoutsWithCustomASPNETFormsAuthentication.aspx

You may need to look into the IIS idle time-out.

https://technet.microsoft.com/en-us/library/cc771956%28v=ws.10%29.aspx

Got help at asp.net forums to fix the issue.

Upvotes: 2
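For readers comparing the 20-minute ticket in LoginUser with the timeout="60" in web.config, here is an added example (not code from the question, the answer or ASP.NET itself) that models how sliding expiration treats a hand-built ticket. It assumes the behaviour of FormsAuthentication.RenewTicketIfOld: a ticket is renewed only once its age is at least its remaining lifetime, and the renewed ticket keeps the lifetime the login code gave it; the class name, method name and timeline are constructed for illustration.

```csharp
using System;

// Simplified model of sliding expiration for a forms-auth ticket (not framework code).
// Assumption: a ticket is renewed only when its age is at least its remaining
// lifetime, and the renewed ticket keeps the original ticket's own lifetime.
static class SlidingExpirationModel
{
    // Returns the expiration in force after a request at 'now', or null if the ticket is dead.
    public static DateTime? OnRequest(ref DateTime issued, ref DateTime expires, DateTime now)
    {
        if (now >= expires) return null;          // expired: user is sent to loginUrl
        TimeSpan age = now - issued;
        TimeSpan remaining = expires - now;
        if (remaining > age) return expires;      // first half of the lifetime: no renewal
        TimeSpan lifetime = expires - issued;     // lifetime chosen by the login code
        issued = now;
        expires = now + lifetime;                 // window slides forward
        return expires;
    }

    static void Main()
    {
        // Constructed timeline: 20-minute ticket as in LoginUser, requests in minutes after login.
        DateTime t0 = new DateTime(2020, 1, 1, 9, 0, 0);
        DateTime issued = t0, expires = t0.AddMinutes(20);
        foreach (int minute in new[] { 5, 9, 12, 25, 50 })
        {
            DateTime now = t0.AddMinutes(minute);
            DateTime? result = OnRequest(ref issued, ref expires, now);
            Console.WriteLine(result == null
                ? $"t+{minute,2} min: ticket expired, redirect to login"
                : $"t+{minute,2} min: valid until t+{(result.Value - t0).TotalMinutes} min");
        }
    }
}
```

In this model the requests at 5 and 9 minutes do not move the expiry, so a user whose last request falls in the first half of the window is logged out at the original 20-minute mark.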
