ASP.NET MVC authentication cookie

Question

My web application authentication cookies times out after a day when I try to login again. I'm trying to access the application through a Nokia browser and Internet Explorer and both have the same behavior.

This is my Logon process:

    [HttpPost]
    [SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings",
                      Justification = "Needs to take same parameter type as Controller.Redirect()")]
    public ActionResult LogOn(LogOnModel model, string returnUrl)
    {
        if (MembershipService.ValidateUser(model.UserName, model.Password))
        {
            //FormsService.SignIn(model.UserName, model.RememberMe);
            FormsAuthenticationTicket Authticket = new
                        FormsAuthenticationTicket(1,
                        model.UserName,
                        DateTime.Now,
                        DateTime.Now.AddYears(1),
                        true,
                        "",
                        FormsAuthentication.FormsCookiePath);

            string hash = FormsAuthentication.Encrypt(Authticket);

            HttpCookie Authcookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);

            if (Authticket.IsPersistent) Authcookie.Expires = Authticket.Expiration;

            Response.Cookies.Add(Authcookie);

            if (!String.IsNullOrEmpty(returnUrl))
            {
                return Redirect(returnUrl);
            }
            return RedirectToAction("Index", "Home");
        }
        ModelState.AddModelError("", "The user name or password provided is incorrect.");

        // If we got this far, something failed, redisplay form
        return View(model);
    }

My web.config settings:

<forms loginUrl="~/consignment/Account/LogOn" timeout="2880" protection="All" name=".consignmentauthadmin"/>

I'm trying:

    [HttpPost]
    [SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings",
                     Justification = "Needs to take same parameter type as Controller.Redirect()")]
    public ActionResult LogOn(LogOnModel model, string returnUrl)
    {
        if (MembershipService.ValidateUser(model.UserName, model.Password))
        {
            //FormsService.SignIn(model.UserName, model.RememberMe);
            FormsAuthenticationTicket Authticket = new
                        FormsAuthenticationTicket(1,
                        model.UserName,
                        DateTime.Now,
                        DateTime.Now.AddYears(1),
                        true,
                        "",
                        FormsAuthentication.FormsCookiePath);

            string hash = FormsAuthentication.Encrypt(Authticket);

            HttpCookie Authcookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);

            if (Authticket.IsPersistent) Authcookie.Expires = Authticket.Expiration;

            Response.Cookies.Add(Authcookie);

            if (!String.IsNullOrEmpty(returnUrl))
            {
                return Redirect(returnUrl);
            }
            return RedirectToAction("Index", "Home");
        }
        ModelState.AddModelError("", "The user name or password provided is incorrect.");

        // If we got this far, something failed, redisplay form
        return View(model);
    }

I don't want the authentication to expire until I log off from the application. What am I doing wrong?

Answer 1

Try looking at your webserver IIS application pool, it has an "application refresh" which is setup by default. turn it off... that should fix your problem.