=?Utf-8?B?QmlsbCBCb3Jn?= <Bi******@discussions.microsoft.com>
wrote in news:BA**********************************@microsof t.com:
Hello all,
I am working on forms authentication and trying to understand:
what's the relationship between the cookie expiration and the
ticket expiration? I create a cookie and I add an encrypted
ticket to it. Both of these have an expiration date, but I'm not
seeing how to use them. Does it make sense that these dates
would ever differ?
Bill,
There's really no relationship, and in practice both dates are
usually the same.
The cookie's expiration date is used by the browser to determine if
the cookie should be erased. The ticket's expiration date is used by
ASP.Net's forms authentication system (or your code, if you handle
forms authentication manually).
The only operational problem that can arise is if the cookie's
expiration date is earlier than the ticket's expiration date. That
may cause confusion on the part of the user if they think they're
login lasts for a certain period of time, but the cookie holding
their authentication ticket gets erased by the browser before the
ticket expires.
--
Hope this helps.
Chris.
-------------
C.R. Timmons Consulting, Inc.
http://www.crtimmonsinc.com/