CODEWITHSUNDEEP
c#asp.netiis-7.5asp.net-4.0
Rocky Singh
Rocky Singh

Reputation: 15430

ASPX auth cookie expiration time is always 30 minutes

I have set the the cookie expiration time to 1 month but when I look the expiration timeout of .ASPXAUTH cookie in browser it says 30 minutes ahead from now.

var ticket = new FormsAuthenticationTicket(1, "myname", DateTime.Now,
                                                        DateTime.Now.AddMonths(1), true, "test");
string ticketString = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, ticketString)
                 {
                     Expires = DateTime.Now.AddMonths(1),
                     Path = FormsAuthentication.FormsCookiePath
                 };
HttpContext.Current.Response.Cookies.Add(cookie);

Can you let me know why the above code is behaving so, I want to change the expiration time but it is always coming 30 minutes.

Upvotes: 10

Views: 7346

Answers (3)

Imran Rizvi
Imran Rizvi

Reputation: 7438

Check you web.config file, there should be FORM entry under following element system.web -> authentication .

check the timeout property there, is it set to 30 minutes?

remove this form authentication tag from there.

Upvotes: 3

Moshisho
Moshisho

Reputation: 2981

With the advice from the other answers I got to this link.

Apparently, in ASP.NET it checks the expiration in the Web.config and doesn't take the expiration from the cookie. So you need to add to the config file inside <system.web>:

<authentication mode="Forms">
  <forms
 name=".ASPXAUTH"
 loginUrl="Login.cshtml" //your login page
 defaultUrl="Default.cshtml" //your default page
 protection="All" //type of encryption
 timeout="43200" //a month in minutes
 path="/"
 requireSSL="false"
 slidingExpiration="true" //Every refresh the expiration time will reset
 cookieless="UseDeviceProfile" //Use cookies if the browser supports cookies
 domain=""
 enableCrossAppRedirects="false">
    <credentials passwordFormat="SHA1" />
  </forms>
</authentication>

Upvotes: 4

Dmitry Bogatykh
Dmitry Bogatykh

Reputation: 495

Do you require to set this timeout programmatically or is it ok to set it in configuration file? There is a timeout parameter, which indicates authentication cookie timeout: http://msdn.microsoft.com/en-us/library/1d3t3c61.aspx

Default value of this parameter is 30 minutes.

Best regards, Dmitry

Upvotes: 4

Related Questions