467,083 Members | 1,209 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

Post your question to a community of 467,083 developers. It's quick & easy.

Forms authorization cookie always set to expire in 2055?

I'm using Forms authorization. In my <forms> section I have timeout="30",
but when I examine the cookie, it shows it expiring in 2055? Why?

<authentication mode="Forms">
<forms
loginUrl="/login.aspx"
protection="All"
timeout="30"
path="/">
<credentials passwordFormat="Clear">
<user name="guest" password="xxxxxxx" />
</credentials>
</forms>
</authentication>
Nov 19 '05 #1
  • viewed: 2229
Share:
4 Replies
Because they hard coded it to expire after 50 years. You can change that
(albeit manually).

-Brock
DevelopMentor
http://staff.develop.com/ballen
I'm using Forms authorization. In my <forms> section I have
timeout="30", but when I examine the cookie, it shows it expiring in
2055? Why?

<authentication mode="Forms">
<forms
loginUrl="/login.aspx"
protection="All"
timeout="30"
path="/">
<credentials passwordFormat="Clear">
<user name="guest" password="xxxxxxx" />
</credentials>
</forms>
</authentication>


Nov 19 '05 #2
So, what good is setting the "timeout" value in the <form> section? Maybe
you didn't read my post accurately.
"Brock Allen" <ba****@NOSPAMdevelop.com> wrote in message
news:97**********************@msnews.microsoft.com ...
Because they hard coded it to expire after 50 years. You can change that
(albeit manually).

-Brock
DevelopMentor
http://staff.develop.com/ballen
I'm using Forms authorization. In my <forms> section I have
timeout="30", but when I examine the cookie, it shows it expiring in
2055? Why?

<authentication mode="Forms">
<forms
loginUrl="/login.aspx"
protection="All"
timeout="30"
path="/">
<credentials passwordFormat="Clear">
<user name="guest" password="xxxxxxx" />
</credentials>
</forms>
</authentication>


Nov 19 '05 #3
The timeout is used when it's not a persistent cookie. IOW, the boolean parameter
to FormsAuthentication.SetAuthCookie. The docs cover this (except where it
says "Persistent cookies do not time out.". They do time out after 50 years,
as you discovered):

http://msdn.microsoft.com/library/de...gngrfforms.asp

-Brock
DevelopMentor
http://staff.develop.com/ballen
So, what good is setting the "timeout" value in the <form> section?
Maybe you didn't read my post accurately.

"Brock Allen" <ba****@NOSPAMdevelop.com> wrote in message
news:97**********************@msnews.microsoft.com ...
Because they hard coded it to expire after 50 years. You can change
that (albeit manually).

-Brock
DevelopMentor
http://staff.develop.com/ballen
I'm using Forms authorization. In my <forms> section I have
timeout="30", but when I examine the cookie, it shows it expiring in
2055? Why?

<authentication mode="Forms">
<forms
loginUrl="/login.aspx"
protection="All"
timeout="30"
path="/">
<credentials passwordFormat="Clear">
<user name="guest" password="xxxxxxx" />
</credentials>
</forms>
</authentication>


Nov 19 '05 #4
Ahh...yes...now I see. I set the persistant parameter to false and now it
works. Thanks.

Amil

"Brock Allen" <ba****@NOSPAMdevelop.com> wrote in message
news:97**********************@msnews.microsoft.com ...
The timeout is used when it's not a persistent cookie. IOW, the boolean
parameter to FormsAuthentication.SetAuthCookie. The docs cover this
(except where it says "Persistent cookies do not time out.". They do time
out after 50 years, as you discovered):

http://msdn.microsoft.com/library/de...gngrfforms.asp

-Brock
DevelopMentor
http://staff.develop.com/ballen
So, what good is setting the "timeout" value in the <form> section?
Maybe you didn't read my post accurately.

"Brock Allen" <ba****@NOSPAMdevelop.com> wrote in message
news:97**********************@msnews.microsoft.com ...
Because they hard coded it to expire after 50 years. You can change
that (albeit manually).

-Brock
DevelopMentor
http://staff.develop.com/ballen
I'm using Forms authorization. In my <forms> section I have
timeout="30", but when I examine the cookie, it shows it expiring in
2055? Why?

<authentication mode="Forms">
<forms
loginUrl="/login.aspx"
protection="All"
timeout="30"
path="/">
<credentials passwordFormat="Clear">
<user name="guest" password="xxxxxxx" />
</credentials>
</forms>
</authentication>


Nov 19 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

11 posts views Thread by ElmoWatson | last post: by
3 posts views Thread by Kris van der Mast | last post: by
2 posts views Thread by Jenny | last post: by
1 post views Thread by Joey Powell | last post: by
reply views Thread by Anonieko Ramos | last post: by
5 posts views Thread by Gavin Stevens | last post: by
2 posts views Thread by pv_kannan@yahoo.com | last post: by
2 posts views Thread by Randall Parker | last post: by
4 posts views Thread by =?Utf-8?B?R3V1czEyMw==?= | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.