473,756 Members | 7,817 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

What relationship between cookie and ticket expiration?

Hello all,

I am working on forms authentication and trying to understand: what's the
relationship between the cookie expiration and the ticket expiration? I
create a cookie and I add an encrypted ticket to it. Both of these have an
expiration date, but I'm not seeing how to use them. Does it make sense that
these dates would ever differ?

Thanks,

Bill
Nov 19 '05 #1
2 1879
=?Utf-8?B?QmlsbCBCb3J n?= <Bi******@discu ssions.microsof t.com>
wrote in news:BA******** *************** ***********@mic rosoft.com:
Hello all,

I am working on forms authentication and trying to understand:
what's the relationship between the cookie expiration and the
ticket expiration? I create a cookie and I add an encrypted
ticket to it. Both of these have an expiration date, but I'm not
seeing how to use them. Does it make sense that these dates
would ever differ?


Bill,

There's really no relationship, and in practice both dates are
usually the same.

The cookie's expiration date is used by the browser to determine if
the cookie should be erased. The ticket's expiration date is used by
ASP.Net's forms authentication system (or your code, if you handle
forms authentication manually).

The only operational problem that can arise is if the cookie's
expiration date is earlier than the ticket's expiration date. That
may cause confusion on the part of the user if they think they're
login lasts for a certain period of time, but the cookie holding
their authentication ticket gets erased by the browser before the
ticket expires.

--
Hope this helps.

Chris.
-------------
C.R. Timmons Consulting, Inc.
http://www.crtimmonsinc.com/
Nov 19 '05 #2
Excellent help...thanks.

"Chris R. Timmons" wrote:
=?Utf-8?B?QmlsbCBCb3J n?= <Bi******@discu ssions.microsof t.com>
wrote in news:BA******** *************** ***********@mic rosoft.com:
Hello all,

I am working on forms authentication and trying to understand:
what's the relationship between the cookie expiration and the
ticket expiration? I create a cookie and I add an encrypted
ticket to it. Both of these have an expiration date, but I'm not
seeing how to use them. Does it make sense that these dates
would ever differ?


Bill,

There's really no relationship, and in practice both dates are
usually the same.

The cookie's expiration date is used by the browser to determine if
the cookie should be erased. The ticket's expiration date is used by
ASP.Net's forms authentication system (or your code, if you handle
forms authentication manually).

The only operational problem that can arise is if the cookie's
expiration date is earlier than the ticket's expiration date. That
may cause confusion on the part of the user if they think they're
login lasts for a certain period of time, but the cookie holding
their authentication ticket gets erased by the browser before the
ticket expires.

--
Hope this helps.

Chris.
-------------
C.R. Timmons Consulting, Inc.
http://www.crtimmonsinc.com/

Nov 19 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
3
2362
Forms Authenication Cookie Not Expiring Correctly
by: Mike | last post by:
I have a web application that the forms authentication cookie is not expiring correctly. When I look at the trace information of a newly requested page after the session and forms authentication have expired the forms authentication cookie is assigned a new value. I am never redirected to the login page after my initial login. If I access the site from http://localhost/myapp instead of myapp.domain.com the cookies expire correctly. The cookie...
ASP.NET
15
3650
COOKIE EXPIRATION TIME
by: Oleg Leikin | last post by:
Hi, (newbie question) I've created some simple .NET ASP application that should store cookies at the client machine. According to the documentation cookie expiration time is set via HttpCookie.Expires property, but property value is the time of day on the client. How can I possibly know client local time ?
ASP.NET
0
1893
IsAuthenticated times out with non-persistent cookie - Why/How?
by: Kepler | last post by:
I'm testing very basic FormsAuthentication and having trouble with non-persistent cookies. Once authenticated with a non-persistent cookie, if I leave the browser alone for 30 minutes, Request.IsAuthenticated returns false on my next request. WHY? At first I thought it had to do with session timeout, but session timeout is set to 20 minutes, and I'm still authenticated after 20 minutes. Thirty minutes is the magic number. I'm at a loss...
ASP.NET
3
2305
Forms Authentication Ticket/Cookie values
by: chuck rudolph | last post by:
Folks, Can anyone confirm that my understading is correct and maybe shed some light on why it's as it is. (I'm guessing security, but that seems weak to me.) The asp.net web application is using forms authentication. If I create an FormsAuthTicket with userdata in the approprite place. Then encode it and create a cookie, add it to the response.cookie collection and use it all is well.
ASP.NET
8
2646
ASP.NET 2.0 RTM breaks FormsAuthentication.SetAuthCookie cookie
by: Bill Henning | last post by:
Another developer and I have noticed that after upgrading to the ASP.NET 2.0 RTM release, when using: FormsAuthentication.SetAuthCookie(userName, true) That the cookie is no longer persisted, even though the flag is set to true in my call. This only started happening after upgrading from Beta 2 to RTM. Has anyone else seen this or does anyone else have a workaround? Thanks, Bill
ASP.NET
15
2137
persistant cookie, what is it?
by: Edwin Knoppert | last post by:
I have searched but info is limitted. In my test app i used a non persistant cookie for forms authentication. slidingExpiration is set to true On run and close and rerun the login remains ok. I have a time-out of one minute and indeed, it directs me to the login if i wait to long. The slidingExpiration does it's work also.
ASP.NET
5
2226
Cookie expiration issues
by: SJ | last post by:
Hi, In my website, i have a cookie that allows the user to remain logged in for upto 90days. So I'm setting the cookie expiration time to 90 days in the future from the time the user logs in. I've been testing my code and for some reason, the cookie expires randomly before even 24 hrs has passed. Yesterday it expired after 11hrs and 20mins. Any idea why my cookie expiration isn't working?
ASP.NET
1
4471
Authentication Cookie not in Request.Cookies
by: Joe | last post by:
In ASP.NET 1.1 I could detected expired form authentication tickets (which closely coincide with my expired session) by checking for the Authentication Cookie when the login screen loads. If the cookie exists, then decrypt the forms auth. ticket and check to see if it is expired. If so display a message to the user letting them know why they are back on the login screen. The code I used was something like this: Dim cookie as HttpCookie...
ASP.NET
3
3535
Forms Authentication non-persistent cookie not expiring after closingthe browser
by: rh.krish | last post by:
I have a typical ASP.NET 2.0 Forms authentication application which authenticates against Active Directory. I use non-persistent cookie so that the user is NOT remembered across browser sessions. The timeout is set to 10 minutes. Here is the important code snippets that I took from my original code: string roleToCheck = .....; FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, member.UserName, DateTime.Now,...
ASP.NET
0
9456
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
10040
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
9873
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
9846
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
6534
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5304
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
3806
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
3359
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
3
2666
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us