By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,994 Members | 2,073 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,994 IT Pros & Developers. It's quick & easy.

FormsAuthentication cookies timeout

P: n/a
I am trying to get my authentication to work and want the timeout to be 30
minutes, but only while the browser is active. If the browser closes, I
want the cookie to disappear.

Is this possible?

The 2 web configs are set as:

*******************************
<system.web>
<authentication mode="Forms">
<forms name="staffing"
loginUrl="/development/staffing/logon.aspx"
protection="All"
path="/" />
</authentication>
</system.web>
*********************************

***********************************
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
**************************************

My problem is during testing the cookie gets turned on and I have to wait
until the timeout stops.

Is there a way I can manully delete the cookie?

Where would it be located when the 'path="/"'?

Thanks,

Tom.
Nov 19 '05 #1
Share this Question
Share on Google+
8 Replies


P: n/a
I did find that I can find the cookie in Mozilla in preferences.

The problem is the expiration time appears to be: Wednesday, January 13,
2055 4:06:51 PM

2055?????

Default is 30 minutes.

Am I missing something?

Thanks,

Tom.
"tshad" <ts**********@ftsolutions.com> wrote in message
news:uT****************@TK2MSFTNGP12.phx.gbl...
I am trying to get my authentication to work and want the timeout to be 30
minutes, but only while the browser is active. If the browser closes, I
want the cookie to disappear.

Is this possible?

The 2 web configs are set as:

*******************************
<system.web>
<authentication mode="Forms">
<forms name="staffing"
loginUrl="/development/staffing/logon.aspx"
protection="All"
path="/" />
</authentication>
</system.web>
*********************************

***********************************
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
**************************************

My problem is during testing the cookie gets turned on and I have to wait
until the timeout stops.

Is there a way I can manully delete the cookie?

Where would it be located when the 'path="/"'?

Thanks,

Tom.

Nov 19 '05 #2

P: n/a
hi tshad..
in ur web.config the default timeout is 20mins.
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>
Why don't u change it to ur taste..
Hope it helps
Patrick


"tshad" wrote:
I am trying to get my authentication to work and want the timeout to be 30
minutes, but only while the browser is active. If the browser closes, I
want the cookie to disappear.

Is this possible?

The 2 web configs are set as:

*******************************
<system.web>
<authentication mode="Forms">
<forms name="staffing"
loginUrl="/development/staffing/logon.aspx"
protection="All"
path="/" />
</authentication>
</system.web>
*********************************

***********************************
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
**************************************

My problem is during testing the cookie gets turned on and I have to wait
until the timeout stops.

Is there a way I can manully delete the cookie?

Where would it be located when the 'path="/"'?

Thanks,

Tom.

Nov 19 '05 #3

P: n/a
"Patrick.O.Ige" <Pa*********@discussions.microsoft.com> wrote in message
news:6B**********************************@microsof t.com...
hi tshad..
in ur web.config the default timeout is 20mins.
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>
That is what I am trying to do.

I want to use forms Authentication to control access to my pages and I am
finding that my cookies have an expiration date of 50 years from now (no
matter what I set the timeout field to - maybe this field will not help me).

I would actually like the cookie (or session cookie) for each person to
disapear when they leave the browser. But I also want to make sure that if
the browser is left on for more that some time (say 20 minutes), they have
to log on again.

I was looking on the MS site about cookies and they say that the expiration
date is pointless - it is either there or it isn't. The expiration field is
for information only.

So what good is the timeout?

Tom Why don't u change it to ur taste..
Hope it helps
Patrick


"tshad" wrote:
I am trying to get my authentication to work and want the timeout to be
30
minutes, but only while the browser is active. If the browser closes, I
want the cookie to disappear.

Is this possible?

The 2 web configs are set as:

*******************************
<system.web>
<authentication mode="Forms">
<forms name="staffing"
loginUrl="/development/staffing/logon.aspx"
protection="All"
path="/" />
</authentication>
</system.web>
*********************************

***********************************
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
**************************************

My problem is during testing the cookie gets turned on and I have to wait
until the timeout stops.

Is there a way I can manully delete the cookie?

Where would it be located when the 'path="/"'?

Thanks,

Tom.

Nov 19 '05 #4

P: n/a
in ur web.config ..in the forms TAG
whats the name of the Cookie?
In ur code how are u adding the cookie..
Or u didn't specify it at all(but at the same time Forms Auth needs it!!)


"tshad" wrote:
I did find that I can find the cookie in Mozilla in preferences.

The problem is the expiration time appears to be: Wednesday, January 13,
2055 4:06:51 PM

2055?????

Default is 30 minutes.

Am I missing something?

Thanks,

Tom.
"tshad" <ts**********@ftsolutions.com> wrote in message
news:uT****************@TK2MSFTNGP12.phx.gbl...
I am trying to get my authentication to work and want the timeout to be 30
minutes, but only while the browser is active. If the browser closes, I
want the cookie to disappear.

Is this possible?

The 2 web configs are set as:

*******************************
<system.web>
<authentication mode="Forms">
<forms name="staffing"
loginUrl="/development/staffing/logon.aspx"
protection="All"
path="/" />
</authentication>
</system.web>
*********************************

***********************************
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
**************************************

My problem is during testing the cookie gets turned on and I have to wait
until the timeout stops.

Is there a way I can manully delete the cookie?

Where would it be located when the 'path="/"'?

Thanks,

Tom.


Nov 19 '05 #5

P: n/a
"Patrick.O.Ige" <Pa*********@discussions.microsoft.com> wrote in message
news:A7**********************************@microsof t.com...
in ur web.config ..in the forms TAG
whats the name of the Cookie?
In ur code how are u adding the cookie..
Or u didn't specify it at all(but at the same time Forms Auth needs it!!)
Found it.

The problem was that I was passing true as the 2nd argument in
RedirectFromLoginPage. This says to save the cookie on disk and will
persist for 50 years.

By setting it to false, it doesn't write the cookie.

The timeout parameter is how long it will last while the browser is open.
This apparently gets reset if you go to another page before the timeout
period.

Thanks,

Tom

"tshad" wrote:
I did find that I can find the cookie in Mozilla in preferences.

The problem is the expiration time appears to be: Wednesday, January 13,
2055 4:06:51 PM

2055?????

Default is 30 minutes.

Am I missing something?

Thanks,

Tom.
"tshad" <ts**********@ftsolutions.com> wrote in message
news:uT****************@TK2MSFTNGP12.phx.gbl...
>I am trying to get my authentication to work and want the timeout to be
>30
>minutes, but only while the browser is active. If the browser closes, I
>want the cookie to disappear.
>
> Is this possible?
>
> The 2 web configs are set as:
>
> *******************************
> <system.web>
> <authentication mode="Forms">
> <forms name="staffing"
> loginUrl="/development/staffing/logon.aspx"
> protection="All"
> path="/" />
> </authentication>
> </system.web>
> *********************************
>
> ***********************************
> <configuration>
> <system.web>
> <authorization>
> <deny users="?" />
> </authorization>
> </system.web>
> </configuration>
> **************************************
>
> My problem is during testing the cookie gets turned on and I have to
> wait
> until the timeout stops.
>
> Is there a way I can manully delete the cookie?
>
> Where would it be located when the 'path="/"'?
>
> Thanks,
>
> Tom.
>


Nov 19 '05 #6

P: n/a
Well Tom..
Nice u got the stuff urself
No worries..
Patrick
**But remember the tiemout in Web.Config overrides the one in IIS**
(Tested it myself)

"tshad" wrote:
"Patrick.O.Ige" <Pa*********@discussions.microsoft.com> wrote in message
news:A7**********************************@microsof t.com...
in ur web.config ..in the forms TAG
whats the name of the Cookie?
In ur code how are u adding the cookie..
Or u didn't specify it at all(but at the same time Forms Auth needs it!!)


Found it.

The problem was that I was passing true as the 2nd argument in
RedirectFromLoginPage. This says to save the cookie on disk and will
persist for 50 years.

By setting it to false, it doesn't write the cookie.

The timeout parameter is how long it will last while the browser is open.
This apparently gets reset if you go to another page before the timeout
period.

Thanks,

Tom


"tshad" wrote:
I did find that I can find the cookie in Mozilla in preferences.

The problem is the expiration time appears to be: Wednesday, January 13,
2055 4:06:51 PM

2055?????

Default is 30 minutes.

Am I missing something?

Thanks,

Tom.
"tshad" <ts**********@ftsolutions.com> wrote in message
news:uT****************@TK2MSFTNGP12.phx.gbl...
>I am trying to get my authentication to work and want the timeout to be
>30
>minutes, but only while the browser is active. If the browser closes, I
>want the cookie to disappear.
>
> Is this possible?
>
> The 2 web configs are set as:
>
> *******************************
> <system.web>
> <authentication mode="Forms">
> <forms name="staffing"
> loginUrl="/development/staffing/logon.aspx"
> protection="All"
> path="/" />
> </authentication>
> </system.web>
> *********************************
>
> ***********************************
> <configuration>
> <system.web>
> <authorization>
> <deny users="?" />
> </authorization>
> </system.web>
> </configuration>
> **************************************
>
> My problem is during testing the cookie gets turned on and I have to
> wait
> until the timeout stops.
>
> Is there a way I can manully delete the cookie?
>
> Where would it be located when the 'path="/"'?
>
> Thanks,
>
> Tom.
>


Nov 19 '05 #7

P: n/a
"Patrick.O.Ige" <Pa*********@discussions.microsoft.com> wrote in message
news:C2**********************************@microsof t.com...
Well Tom..
Nice u got the stuff urself
No worries..
Patrick
**But remember the tiemout in Web.Config overrides the one in IIS**
(Tested it myself)
Yes, it is great to find it myself as I will probably remember it better.
But sometimes you just can't find it.

Is the IIS one, the 20 minutes you mentioned?

Thanks,

Tom
"tshad" wrote:
"Patrick.O.Ige" <Pa*********@discussions.microsoft.com> wrote in message
news:A7**********************************@microsof t.com...
> in ur web.config ..in the forms TAG
> whats the name of the Cookie?
> In ur code how are u adding the cookie..
> Or u didn't specify it at all(but at the same time Forms Auth needs
> it!!)


Found it.

The problem was that I was passing true as the 2nd argument in
RedirectFromLoginPage. This says to save the cookie on disk and will
persist for 50 years.

By setting it to false, it doesn't write the cookie.

The timeout parameter is how long it will last while the browser is open.
This apparently gets reset if you go to another page before the timeout
period.

Thanks,

Tom
>
>
>
>
>
>
> "tshad" wrote:
>
>> I did find that I can find the cookie in Mozilla in preferences.
>>
>> The problem is the expiration time appears to be: Wednesday, January
>> 13,
>> 2055 4:06:51 PM
>>
>> 2055?????
>>
>> Default is 30 minutes.
>>
>> Am I missing something?
>>
>> Thanks,
>>
>> Tom.
>> "tshad" <ts**********@ftsolutions.com> wrote in message
>> news:uT****************@TK2MSFTNGP12.phx.gbl...
>> >I am trying to get my authentication to work and want the timeout to
>> >be
>> >30
>> >minutes, but only while the browser is active. If the browser
>> >closes, I
>> >want the cookie to disappear.
>> >
>> > Is this possible?
>> >
>> > The 2 web configs are set as:
>> >
>> > *******************************
>> > <system.web>
>> > <authentication mode="Forms">
>> > <forms name="staffing"
>> > loginUrl="/development/staffing/logon.aspx"
>> > protection="All"
>> > path="/" />
>> > </authentication>
>> > </system.web>
>> > *********************************
>> >
>> > ***********************************
>> > <configuration>
>> > <system.web>
>> > <authorization>
>> > <deny users="?" />
>> > </authorization>
>> > </system.web>
>> > </configuration>
>> > **************************************
>> >
>> > My problem is during testing the cookie gets turned on and I have to
>> > wait
>> > until the timeout stops.
>> >
>> > Is there a way I can manully delete the cookie?
>> >
>> > Where would it be located when the 'path="/"'?
>> >
>> > Thanks,
>> >
>> > Tom.
>> >
>>
>>
>>


Nov 19 '05 #8

P: n/a
Yeah the Timeouts in Web.config overrides.
Patrick

"tshad" wrote:
"Patrick.O.Ige" <Pa*********@discussions.microsoft.com> wrote in message
news:C2**********************************@microsof t.com...
Well Tom..
Nice u got the stuff urself
No worries..
Patrick
**But remember the tiemout in Web.Config overrides the one in IIS**
(Tested it myself)


Yes, it is great to find it myself as I will probably remember it better.
But sometimes you just can't find it.

Is the IIS one, the 20 minutes you mentioned?

Thanks,

Tom

"tshad" wrote:
"Patrick.O.Ige" <Pa*********@discussions.microsoft.com> wrote in message
news:A7**********************************@microsof t.com...
> in ur web.config ..in the forms TAG
> whats the name of the Cookie?
> In ur code how are u adding the cookie..
> Or u didn't specify it at all(but at the same time Forms Auth needs
> it!!)

Found it.

The problem was that I was passing true as the 2nd argument in
RedirectFromLoginPage. This says to save the cookie on disk and will
persist for 50 years.

By setting it to false, it doesn't write the cookie.

The timeout parameter is how long it will last while the browser is open.
This apparently gets reset if you go to another page before the timeout
period.

Thanks,

Tom
>
>
>
>
>
>
> "tshad" wrote:
>
>> I did find that I can find the cookie in Mozilla in preferences.
>>
>> The problem is the expiration time appears to be: Wednesday, January
>> 13,
>> 2055 4:06:51 PM
>>
>> 2055?????
>>
>> Default is 30 minutes.
>>
>> Am I missing something?
>>
>> Thanks,
>>
>> Tom.
>> "tshad" <ts**********@ftsolutions.com> wrote in message
>> news:uT****************@TK2MSFTNGP12.phx.gbl...
>> >I am trying to get my authentication to work and want the timeout to
>> >be
>> >30
>> >minutes, but only while the browser is active. If the browser
>> >closes, I
>> >want the cookie to disappear.
>> >
>> > Is this possible?
>> >
>> > The 2 web configs are set as:
>> >
>> > *******************************
>> > <system.web>
>> > <authentication mode="Forms">
>> > <forms name="staffing"
>> > loginUrl="/development/staffing/logon.aspx"
>> > protection="All"
>> > path="/" />
>> > </authentication>
>> > </system.web>
>> > *********************************
>> >
>> > ***********************************
>> > <configuration>
>> > <system.web>
>> > <authorization>
>> > <deny users="?" />
>> > </authorization>
>> > </system.web>
>> > </configuration>
>> > **************************************
>> >
>> > My problem is during testing the cookie gets turned on and I have to
>> > wait
>> > until the timeout stops.
>> >
>> > Is there a way I can manully delete the cookie?
>> >
>> > Where would it be located when the 'path="/"'?
>> >
>> > Thanks,
>> >
>> > Tom.
>> >
>>
>>
>>


Nov 19 '05 #9

This discussion thread is closed

Replies have been disabled for this discussion.