473,385 Members | 1,317 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > forms authentication cookie does not expire

Join Bytes to post your question to a community of 473,385 software developers and data experts.

Forms Authentication Cookie Does Not Expire

On my asp.net application, suddenly the forms authentication cookies
for all clients have quit expiring. This results in users being able
to
access the site from day to day without having to log in, even if
their
browers are closed and then reopened hours apart or even if their
machines
are rebooted.

This behavior did not occur in my application at first. The problem
only began after I modified the web.config file from not having a
timeout value at all (which should have used the default of 30mins?)
to a custom value of timeout="10". Anyways that wouldn't work right
for some reason so I took that out and went back to no entry for the
timeout value. That is when the problem started happening. Now, even
though I have manually added the timeout value back in and set it to
30, the cookies still never expire! I have posted a snippet of the
web.config file below as it is now...

<authentication mode="Forms">
<forms loginUrl="LogIn.aspx" timeout="30">
<credentials passwordFormat="Clear">
<user name="SomeUser" password="SomePassword"/>
</credentials>
</forms>
</authentication>

<authorization>
<allow users="*"/>
</authorization>

The following section was added to secure the private parts of the
site...

<location path="Portal">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

As you can clearly see, I have indicated a [timeout="30"] value in the
forms tag. I have also done several builds/compiles, but the
authentication cookies never expire. What in the world is going on
here?
Nov 18 '05 #1
1 1859
Hi Joey,

I think you can try to change the name property for Form elment in
web.config. This property specifies the HTTP cookie to use for
authentication. If there is something wrong with your previous cookie's
expire, a new cookie will force it get refresh.

If there problem still occur, you may check the authorication setting for
your web application. <deny users="?"/> only deny anonymous user, not all
"invalid" user.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 18 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
Forms Authentication Cookies Never Expire
by: Joey Powell | last post by:
This message was originally posted to the aspnet.security newsgroup, but no one there has ever heard of this before. That is why I am posting this message here, so that more people will see it... ...
ASP.NET
3
Forms authentication - credential store
by: Martin | last post by:
Dear fellow ASP.NET programmer, I stared using forms authentication and temporarily used a <credentials> tag in web.config. After I got it working I realized this wasn't really practical. I...
ASP.NET
5
Forms Login Page Not Login Out
by: Kenneth Keeley | last post by:
Hi, I have a web app that has forms authentication and I can login to the page the first time I go there but it never times me out if I come back in 24 hours a hit the refresh key the page loads...
ASP.NET
3
Forms Authenication Cookie Not Expiring Correctly
by: Mike | last post by:
I have a web application that the forms authentication cookie is not expiring correctly. When I look at the trace information of a newly requested page after the session and forms authentication have...
ASP.NET
2
Forms authentication cookies not expiring...
by: pv_kannan | last post by:
I recently found out that my authentication cookies are not expiring even though I have set the persist property to false. As a result, users are able to access the secure websites with indifferent...
ASP.NET
2
Trying to figure out forms authentication
by: Randall Parker | last post by:
Some questions on forms authentication: 1) Can one do one's own checking of username and password and totally bypass calling FormsAuthentication.Authenticate? 2) does the "new...
ASP.NET
2
Q regarding forms authentication and timeouts
by: Mike Hofer | last post by:
Okay, so I finally figured out forms authenticaton, to a degree and I still have one question: If a user walks away from my application, and the cookie expires, and then he comes back, does...
ASP.NET
3
A little problem with Forms authentication :-(
by: Simon Harvey | last post by:
Hi All, I'm hoping somebody could help me with the following problem. I'm using forms authentication and the user is getting authenticated no problem. Once authenticated the user can look at...
ASP.NET
10
Forms Authentication in ASP.NET 2.0
by: Peter Bradley | last post by:
We are in the process of designing our first ASP.NET 2.0 application and have discovered that Forms Authentication works completely differently in ASP.NET 2.0. For a number of reasons, we cannot...
ASP.NET
1
Cloud Servers without Credit Card and Email Registration: A Simpler Way to Get on the Cloud
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
General
0
One-click Importing Excel Data into a*Database
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
Microsoft Excel
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!