By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,304 Members | 3,172 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,304 IT Pros & Developers. It's quick & easy.

What relationship between cookie and ticket expiration?

P: n/a
Hello all,

I am working on forms authentication and trying to understand: what's the
relationship between the cookie expiration and the ticket expiration? I
create a cookie and I add an encrypted ticket to it. Both of these have an
expiration date, but I'm not seeing how to use them. Does it make sense that
these dates would ever differ?

Thanks,

Bill
Nov 19 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
=?Utf-8?B?QmlsbCBCb3Jn?= <Bi******@discussions.microsoft.com>
wrote in news:BA**********************************@microsof t.com:
Hello all,

I am working on forms authentication and trying to understand:
what's the relationship between the cookie expiration and the
ticket expiration? I create a cookie and I add an encrypted
ticket to it. Both of these have an expiration date, but I'm not
seeing how to use them. Does it make sense that these dates
would ever differ?


Bill,

There's really no relationship, and in practice both dates are
usually the same.

The cookie's expiration date is used by the browser to determine if
the cookie should be erased. The ticket's expiration date is used by
ASP.Net's forms authentication system (or your code, if you handle
forms authentication manually).

The only operational problem that can arise is if the cookie's
expiration date is earlier than the ticket's expiration date. That
may cause confusion on the part of the user if they think they're
login lasts for a certain period of time, but the cookie holding
their authentication ticket gets erased by the browser before the
ticket expires.

--
Hope this helps.

Chris.
-------------
C.R. Timmons Consulting, Inc.
http://www.crtimmonsinc.com/
Nov 19 '05 #2

P: n/a
Excellent help...thanks.

"Chris R. Timmons" wrote:
=?Utf-8?B?QmlsbCBCb3Jn?= <Bi******@discussions.microsoft.com>
wrote in news:BA**********************************@microsof t.com:
Hello all,

I am working on forms authentication and trying to understand:
what's the relationship between the cookie expiration and the
ticket expiration? I create a cookie and I add an encrypted
ticket to it. Both of these have an expiration date, but I'm not
seeing how to use them. Does it make sense that these dates
would ever differ?


Bill,

There's really no relationship, and in practice both dates are
usually the same.

The cookie's expiration date is used by the browser to determine if
the cookie should be erased. The ticket's expiration date is used by
ASP.Net's forms authentication system (or your code, if you handle
forms authentication manually).

The only operational problem that can arise is if the cookie's
expiration date is earlier than the ticket's expiration date. That
may cause confusion on the part of the user if they think they're
login lasts for a certain period of time, but the cookie holding
their authentication ticket gets erased by the browser before the
ticket expires.

--
Hope this helps.

Chris.
-------------
C.R. Timmons Consulting, Inc.
http://www.crtimmonsinc.com/

Nov 19 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.