Forms Authentication Cookie Does Not Expire

On my asp.net application, suddenly the forms authentication cookies
for all clients have quit expiring. This results in users being able
to access the site from day to day without having to log in, even if
their browsers are closed and then reopened hours apart or even if
their machines are rebooted.

This behavior did not occur in my application at first. The problem
only began after I modified the web.config file from not having a
timeout value at all (which should have used the default of 30mins?)
to a custom value of timeout="10". Anyways that wouldn't work right
for some reason so I took that out and went back to no entry for the
timeout value. That is when the problem started happening. Now, even
though I have manually added the timeout value back in and set it to
30, the cookies still never expire! I have posted a snippet of the
web.config file below as it is now...

<authentication mode="Forms">
  <forms loginUrl="LogIn.aspx" timeout="30">
    <credentials passwordFormat="Clear">
      <user name="SomeUser" password="SomePassword"/>
    </credentials>
  </forms>
</authentication>

<authorization>
  <allow users="*"/>
</authorization>

The following section was added to secure the private parts of the
site...

<location path="Portal">
  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</location>

As you can clearly see, I have indicated a [timeout="30"] value in the
forms tag. I have also done several builds/compiles, but the
authentication cookies never expire. What in the world is going on
here?
Nov 18 '05 #1
Hi Joey,

I think you can try changing the name property of the forms element in
web.config. This property specifies the HTTP cookie to use for
authentication. If there is something wrong with your previous cookie's
expiration, a new cookie will force it to refresh.

If the problem still occurs, you may check the authorization settings for
your web application. <deny users="?"/> only denies anonymous users, not all
"invalid" users.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 18 '05 #2
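
A server-side check for the symptom discussed in this thread: it decrypts the forms authentication ticket carried by a request and reports whether the ticket is persistent and when it expires. This is an added example, not code from either poster; the class and method names are hypothetical, and it assumes an ASP.NET application that references System.Web.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper (name chosen for this example).
public static class AuthCookieDiagnostics
{
    // Returns a one-line description of the forms authentication ticket
    // sent with the request, suitable for a trace or log entry.
    public static string Describe(HttpRequest request)
    {
        // FormsCookieName reflects the name attribute of <forms> in
        // web.config (".ASPXAUTH" when the attribute is omitted), so the
        // output also confirms whether a renamed cookie is in use.
        string cookieName = FormsAuthentication.FormsCookieName;
        HttpCookie cookie = request.Cookies[cookieName];
        if (cookie == null || cookie.Value == null || cookie.Value.Length == 0)
            return cookieName + ": no cookie sent";

        FormsAuthenticationTicket ticket;
        try
        {
            // Browsers do not send a cookie's Expires value back, so the
            // encrypted ticket is the only server-side record of lifetime.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (Exception ex)
        {
            // Tampered value, or a cookie encrypted under different keys.
            return cookieName + ": not decryptable (" + ex.GetType().Name + ")";
        }
        if (ticket == null)
            return cookieName + ": not a valid ticket";

        // IsPersistent == true means the ticket was issued to survive
        // browser restarts; Expired compares Expiration with the clock.
        return string.Format(
            "{0}: user={1} issued={2:u} expires={3:u} persistent={4} expired={5}",
            cookieName, ticket.Name, ticket.IssueDate, ticket.Expiration,
            ticket.IsPersistent, ticket.Expired);
    }
}
```

Calling `AuthCookieDiagnostics.Describe(Request)` from a page under the protected Portal path and writing the result to the page trace shows, for each returning user, whether the ticket was issued as persistent and how its expiry relates to the configured timeout.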
