Two things - You would need to set the timeout:
<authentication mode="Forms">
<forms name=".YourAppCookieName"
loginUrl="login.aspx"
protection="All"
timeout="60" '<--------here - Number of minutes until authentication
cookie expires.
path="/"
/>
</authentication>
Also - in your login page, when you have the redirection statement - if you
have:
FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '<---- if you
set this to 'True", then it sets a permanent cookie, with an expiration date
about 50 years from it's creation date.
David Wier
http://aspnet101.com http://aspexpress.com
"Kian Goh" <ki************@hotmail.com> wrote in message
news:eF**************@tk2msftngp13.phx.gbl...
Hi there,
I am trying to use an entry level security for my resources website. I
followed the procedures in the MS published Self-Paced Training Kit,
everything seems working as expected. However, I found that the
authentication cookie never expires.
I thought the default timeout is 30 minutes. Please tell me if I miss any
step...
Thanks a lot,
Kian
<authentication mode="Forms">
<forms loginUrl="ResourcesLogon.aspx">
<credentials passwordFormat="Clear">
<user name="kk" password="dd"/>
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" /> <!--Deny all unauthenticated users-->
</authorization>