Hi Joey,
One possibility is that your logon page is being cached somewhere. This is
described in an article.
263730 Site Server Users May Be Authenticated Under the Wrong Account
http://kb/article.asp?id=Q263730
Try adding this to your logon page.
Response.Cache.SetCacheability(HttpCacheability.No Cache)
---
The next step is to try a sample application to see if it has the same
problem. Please create a new project according to this article:
http://msdn.microsoft.com/library/en...lecookieauthen
tication.asp
Does it have the same problem?
Thank you, Mike
Microsoft, ASP.NET Support Professional
Microsoft highly recommends to all of our customers that they visit the
http://www.microsoft.com/protect site and perform the three straightforward
steps listed to improve your computer’s security.
This posting is provided "AS IS", with no warranties, and confers no rights.
--------------------[color=blue]
> From:
joey.powell@goldcoinc.com (Joey Powell)
> Newsgroups: microsoft.public.dotnet.framework.aspnet
> Subject: Forms Authentication Cookies Never Expire
> Date: 3 Dec 2003 20:27:47 -0800
> Organization:
http://groups.google.com
> Lines: 32
> Message-ID: <bdaf8387.0312032027.37ce8212@posting.google.com >
> NNTP-Posting-Host: 69.29.57.101
> Content-Type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: 8bit
> X-Trace: posting.google.com 1070512067 21189 127.0.0.1 (4 Dec 2003[/color]
04:27:47 GMT)[color=blue]
> X-Complaints-To:
groups-abuse@google.com
> NNTP-Posting-Date: Thu, 4 Dec 2003 04:27:47 +0000 (UTC)
> Path:[/color]
cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!cpmsftng xa09.phx.gbl!TK2MSFTNGP08.
phx.gbl!newsfeed00.sul.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!ne
ws.maxwell.syr.edu!postnews1.google.com!not-for-mail[color=blue]
> Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:194303
> X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
> This message was originally posted to the aspnet.security newsgroup,
> but no one there has ever heard of this before. That is why I am
> posting this message here, so that more people will see it...
>
> On my asp.net application, suddenly the forms authentication cookies
> for clients have quit expiring. This results in users being able to
> access the site from day to day without having to log in, even if
> their
> browers are closed and reopened hours apart or even if their machines
> are rebooted. This behavior did not occur in my application at first.
> The problem only began after I modified the web.config file from not
> having a timeout value at all (which should have used the default
> value of
> 30mins?) to a custom value of timeout="10". Anyways that wouldn't work
> right for some reason, so I took that out and went back to no entry
> for
> the timeout value. Now the cookies never expire! What in the world is
> going on here?
>
> ---
> UPDATE
>
> I have also manually logged out using .SignOut() several times, but
> the cookies again do not expire/time-out once the users log back in. I
> have also cleared cookies...same results. I have verified that
> timeout="30" is present in the authentication tag of web.config just
> after the loginUrl value, but still the cookies are not expiring on
> ANY client machines...this is crazy!!!
>
> This has been going on now for a couple of weeks and is getting
> extremely irritating. Does anyone have a clue about what I can do to
> make it work again?
>[/color]
