San
San

Reputation: 2346

Session that never expires like on stackoverflow.com, unless the user clicks logout

I am building a asp.net mvc application. I want session to never expire, once the user login, unless the user clicks on logout.

Whats the best way of doing it?

I have used

FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);

and set createPersistentCookie to true, but still I get logged out after sometime.

Upvotes: 3

Views: 2112

Answers (2)

Franci Penov
Franci Penov

Reputation: 76021

Implement sliding expiration. Leave the expiration time to some reasonable value - day, two, week max; renew the cookie on each request (simplest) or at certain intervals.

Upvotes: 6

Chris
Chris

Reputation: 28064

FormsAuthentication cookies use the timeout value to determine expiration. The createPersistentCookie flag just tells the API to set an expires value, rather than allowing the cookie to expire when the browser is closed. To prevent expiration, increase the forms authentication timeout value in the web.config. That value is in minutes, so to force the cookie to last one year, use 525600.

Upvotes: 1

Related Questions