Hello all,
I've read through the posts out here, mostly get it, but am still trying to
understand the relationship among the ticket, the cookie, and their
expirations.
I understand that the cookie is just a holder, and that the ticket is what
I'm choosing to hold. I think I want to always set both the ticket and the
cookie to "never" expire (e.g. datetime.maxvalue). When would I *not* want to
do it this way? I know it has to do with kicking out users I no longer want
in my system (or whose roles have changed), but in this case don't I always
need to have a separate mechanism anyway for revalidating against the
database (e.g. at session start), no matter what the ticket says?
Hoping somebody can help me get this straight.
Thanks,
Bill
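
The relationship asked about above, as an added example that is not part of the original post. It assumes ASP.NET forms authentication (System.Web.Security) served over HTTPS; `TicketDemo`, `LookupCurrentRoles`, the sample user and the 30-minute and 14-day lifetimes are hypothetical. The ticket's expiration travels inside the encrypted cookie value, the cookie's Expires only tells the browser how long to keep the holder, and the database check runs on every request whatever either one says.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class TicketDemo
{
    // Hypothetical lookup standing in for a query against the user store.
    // Returns null when the account no longer exists or has been disabled.
    static string[] LookupCurrentRoles(string userName)
    {
        return userName == "bill" ? new[] { "user" } : null; // constructed sample data
    }

    // Sign-in: two separate lifetimes. The ticket expiration is enforced by the
    // server; the cookie expiration is only a storage hint to the browser.
    public static void SignIn(HttpResponse response, string userName)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, userName, now, now.AddMinutes(30), true, String.Empty);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket));
        cookie.Expires = now.AddDays(14); // browser keeps the holder for 14 days
        cookie.HttpOnly = true;
        cookie.Secure = true;             // assumes the site is served over HTTPS
        response.Cookies.Add(cookie);
    }

    // Per-request check, e.g. called from Application_AuthenticateRequest.
    // A cookie that still exists can hold a ticket that is no longer accepted.
    public static bool Validate(HttpContext context)
    {
        HttpCookie cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null) return false;
        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return false; }          // empty, malformed or tampered value
        if (ticket == null || ticket.Expired) return false;
        string[] roles = LookupCurrentRoles(ticket.Name); // revalidate against the store
        if (roles == null) return false;             // user removed since the ticket was issued
        context.User = new GenericPrincipal(new FormsIdentity(ticket), roles);
        return true;
    }
}
```

Roles are read from the store on each request rather than from the ticket, so a role change takes effect without waiting for the ticket to expire.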