Andre Pena

Reputation: 59336

What's the difference between the timeout property specified in the Web.Config and the ExpiryDate property of the FormsAuthenticationTicket?

In the Web.Config we have a timeout property. Ex:

    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" timeout="2880"/>
    </authentication>

When logging in, we can specify a ticket expiry date. Ex:

    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1, id.ToString(), DateTime.Now, expiryDate, true,
        securityToken, FormsAuthentication.FormsCookiePath);

Why are there two places where I can set expiration info about forms authentication? What's the difference between them? Which has more relevance?

Upvotes: 0

Views: 254

Answers (1)

Mart

Reputation: 512

The timeout in web.config is the session-level timeout. E.g. if the user is inactive for 30 mins (default) then he or she will be prompted to log in again.

The expiryDate in FormsAuthenticationTicket is the expiry date for the cookie if you use the "remember me" feature.

Upvotes: 2
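
An added example, not part of the question or the answer above: one way to issue the ticket by hand so that the `timeout` in Web.Config and the expiration stored in the ticket stay in agreement. `AuthCookieIssuer`, `SignIn` and the `rememberMe` parameter are hypothetical names, and `FormsAuthentication.Timeout` assumes .NET Framework 4.0 or later.

```csharp
// Added example; AuthCookieIssuer, SignIn and rememberMe are hypothetical names.
using System;
using System.Web;
using System.Web.Security;

public static class AuthCookieIssuer
{
    public static void SignIn(HttpResponseBase response, string userId,
                              string securityToken, bool rememberMe)
    {
        DateTime issued = DateTime.Now;

        // A hand-built ticket does not pick up the Web.Config timeout by
        // itself, so read it explicitly (assumes .NET Framework 4.0+).
        DateTime expires = issued.Add(FormsAuthentication.Timeout);

        // The expiration travels inside the encrypted ticket and is checked
        // by the server on every request, whatever the browser does.
        var ticket = new FormsAuthenticationTicket(
            1, userId, issued, expires, rememberMe,
            securityToken, FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                         // not readable from script
            Secure = FormsAuthentication.RequireSSL, // follows requireSSL in config
            Path = FormsAuthentication.FormsCookiePath
        };

        // Only a persistent ("remember me") cookie gets a browser-side expiry.
        // Without it the cookie is a session cookie and is discarded when the
        // browser closes, even if the ticket inside is still valid.
        if (rememberMe)
        {
            cookie.Expires = ticket.Expiration;
        }

        response.Cookies.Add(cookie);
    }
}
```

Passing a far-future `expiryDate` to the ticket constructor, as in the question's snippet, keeps the ticket valid for that whole period regardless of the `timeout` value in Web.Config.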
