467,083 Members | 1,209 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

home > topics > asp.net > questions > forms authorization cookie always set to expire in 2055?

Post your question to a community of 467,083 developers. It's quick & easy.

Forms authorization cookie always set to expire in 2055?

I'm using Forms authorization. In my <forms> section I have timeout="30",
but when I examine the cookie, it shows it expiring in 2055? Why?

<authentication mode="Forms">
<forms
loginUrl="/login.aspx"
protection="All"
timeout="30"
path="/">
<credentials passwordFormat="Clear">
<user name="guest" password="xxxxxxx" />
</credentials>
</forms>
</authentication>
Nov 19 '05 #1
  • viewed: 2229
Share:
4 Replies
Because they hard coded it to expire after 50 years. You can change that
(albeit manually).

-Brock
DevelopMentor
http://staff.develop.com/ballen
I'm using Forms authorization. In my <forms> section I have
timeout="30", but when I examine the cookie, it shows it expiring in
2055? Why?

<authentication mode="Forms">
<forms
loginUrl="/login.aspx"
protection="All"
timeout="30"
path="/">
<credentials passwordFormat="Clear">
<user name="guest" password="xxxxxxx" />
</credentials>
</forms>
</authentication>


Nov 19 '05 #2
So, what good is setting the "timeout" value in the <form> section? Maybe
you didn't read my post accurately.
"Brock Allen" <ba****@NOSPAMdevelop.com> wrote in message
news:97**********************@msnews.microsoft.com ...
Because they hard coded it to expire after 50 years. You can change that
(albeit manually).

-Brock
DevelopMentor
http://staff.develop.com/ballen
I'm using Forms authorization. In my <forms> section I have
timeout="30", but when I examine the cookie, it shows it expiring in
2055? Why?

<authentication mode="Forms">
<forms
loginUrl="/login.aspx"
protection="All"
timeout="30"
path="/">
<credentials passwordFormat="Clear">
<user name="guest" password="xxxxxxx" />
</credentials>
</forms>
</authentication>


Nov 19 '05 #3
The timeout is used when it's not a persistent cookie. IOW, the boolean parameter
to FormsAuthentication.SetAuthCookie. The docs cover this (except where it
says "Persistent cookies do not time out.". They do time out after 50 years,
as you discovered):

http://msdn.microsoft.com/library/de...gngrfforms.asp

-Brock
DevelopMentor
http://staff.develop.com/ballen
So, what good is setting the "timeout" value in the <form> section?
Maybe you didn't read my post accurately.

"Brock Allen" <ba****@NOSPAMdevelop.com> wrote in message
news:97**********************@msnews.microsoft.com ...
Because they hard coded it to expire after 50 years. You can change
that (albeit manually).

-Brock
DevelopMentor
http://staff.develop.com/ballen
I'm using Forms authorization. In my <forms> section I have
timeout="30", but when I examine the cookie, it shows it expiring in
2055? Why?

<authentication mode="Forms">
<forms
loginUrl="/login.aspx"
protection="All"
timeout="30"
path="/">
<credentials passwordFormat="Clear">
<user name="guest" password="xxxxxxx" />
</credentials>
</forms>
</authentication>


Nov 19 '05 #4
Ahh...yes...now I see. I set the persistant parameter to false and now it
works. Thanks.

Amil

"Brock Allen" <ba****@NOSPAMdevelop.com> wrote in message
news:97**********************@msnews.microsoft.com ...
The timeout is used when it's not a persistent cookie. IOW, the boolean
parameter to FormsAuthentication.SetAuthCookie. The docs cover this
(except where it says "Persistent cookies do not time out.". They do time
out after 50 years, as you discovered):

http://msdn.microsoft.com/library/de...gngrfforms.asp

-Brock
DevelopMentor
http://staff.develop.com/ballen
So, what good is setting the "timeout" value in the <form> section?
Maybe you didn't read my post accurately.

"Brock Allen" <ba****@NOSPAMdevelop.com> wrote in message
news:97**********************@msnews.microsoft.com ...
Because they hard coded it to expire after 50 years. You can change
that (albeit manually).

-Brock
DevelopMentor
http://staff.develop.com/ballen
I'm using Forms authorization. In my <forms> section I have
timeout="30", but when I examine the cookie, it shows it expiring in
2055? Why?

<authentication mode="Forms">
<forms
loginUrl="/login.aspx"
protection="All"
timeout="30"
path="/">
<credentials passwordFormat="Clear">
<user name="guest" password="xxxxxxx" />
</credentials>
</forms>
</authentication>


Nov 19 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics
Forms Authentication Problem
11 posts views Thread by ElmoWatson | last post: by
Forms authentication in a subfolder problem, please help
3 posts views Thread by Kris van der Mast | last post: by
Forms authentication
2 posts views Thread by Jenny | last post: by
Forms Authentication Cookie Does Not Expire
1 post views Thread by Joey Powell | last post: by
ASP.NET Forms Authentication Best Practices
reply views Thread by Anonieko Ramos | last post: by
ASP.NET Forms Authentication
5 posts views Thread by Gavin Stevens | last post: by
Forms authentication cookies not expiring...
2 posts views Thread by pv_kannan@yahoo.com | last post: by
Trying to figure out forms authentication
2 posts views Thread by Randall Parker | last post: by
Forms Authentication
4 posts views Thread by =?Utf-8?B?R3V1czEyMw==?= | last post: by
BYTES.COM © 2021
About Us
Advertise
Terms Of Use
Privacy Policy
Manage Cookies
Contact Us
Sitemap
ASP.NET Answers Sitemap
ASP.NET Insights Sitemap

Follow us! Get the Latest Bytes Updates
By using this site, you agree to our Privacy Policy and Terms of Use.