467,077 Members | 1,046 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

Post your question to a community of 467,077 developers. It's quick & easy.

Non persistent cookie timeout?

I'm using Forms authentication and a non persistent cookie in my
asp.net application.
How do i get the cookie to time out after a period of inactivity, say
10 minutes, and force the user to login again?
If I close the browser, the next time I use the application, it makes
me log in - and That's fine.
However if I keep the browser session open, it keeps my login valid for
as long as the browser is open - I want it to time out.
Specifying the timeout value in the web.config seems to have no effect.
any pointers? Code appended. Thanks!

<authentication mode="Forms">
<forms loginUrl="logon.aspx" name = "portal" timeout="10"
slidingExpiration="true" protection="All" path="/">
</forms>
</authentication>
// Create the authetication ticket
FormsAuthenticationTicket authTicket = new
FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now,
DateTime.Now.AddMinutes(10),false, "");

// Now encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

// Create a cookie and add the encrypted ticket
HttpCookie authCookie = new
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
Session.Add("Login", txtUserName.Text);
Session.Add("Group",Group);

Page.SmartNavigation = false;
//Redirect the user to the originally requested page
Response.Redirect(FormsAuthentication.GetRedirectU rl(txtUserName.Text,false));

Jan 12 '06 #1
  • viewed: 2921
Share:
8 Replies
Belle,

Just after you create your cooke and before you add it to the response use

authCookie.Expires = DateTime.Now.AddMinutes(10);
--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
<ba***********@gmail.com> wrote in message
news:11**********************@g47g2000cwa.googlegr oups.com...
I'm using Forms authentication and a non persistent cookie in my
asp.net application.
How do i get the cookie to time out after a period of inactivity, say
10 minutes, and force the user to login again?
If I close the browser, the next time I use the application, it makes
me log in - and That's fine.
However if I keep the browser session open, it keeps my login valid for
as long as the browser is open - I want it to time out.
Specifying the timeout value in the web.config seems to have no effect.
any pointers? Code appended. Thanks!

<authentication mode="Forms">
<forms loginUrl="logon.aspx" name = "portal" timeout="10"
slidingExpiration="true" protection="All" path="/">
</forms>
</authentication>
// Create the authetication ticket
FormsAuthenticationTicket authTicket = new
FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now,
DateTime.Now.AddMinutes(10),false, "");

// Now encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

// Create a cookie and add the encrypted ticket
HttpCookie authCookie = new
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
Session.Add("Login", txtUserName.Text);
Session.Add("Group",Group);

Page.SmartNavigation = false;
//Redirect the user to the originally requested page
Response.Redirect(FormsAuthentication.GetRedirectU rl(txtUserName.Text,false));

Jan 12 '06 #2
Justin,

Thank you... it works!!

-Belle

Jan 12 '06 #3
Belle,

You're welcome!

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
<ba***********@gmail.com> wrote in message
news:11**********************@g43g2000cwa.googlegr oups.com...
Justin,

Thank you... it works!!

-Belle

Jan 12 '06 #4
But now I have a new problem.....

If I happen to close the browser session before the 10 minute timeout,
and open a new session, it doesnt force me to log in.

I am essentially wanting to use a non persistent cookie that will
expire with the browser session, but will also timeout after a period
of inactivity.

pointers?

thanks.

Jan 12 '06 #5
Belle,

Use the forms authentication object's redirect:

FormsAuthentication.RedirectFromLoginPage(username .Text, false)

Setting the second parameter to false sets a non-persistent cookie.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
<ba***********@gmail.com> wrote in message
news:11**********************@o13g2000cwo.googlegr oups.com...
But now I have a new problem.....

If I happen to close the browser session before the 10 minute timeout,
and open a new session, it doesnt force me to log in.

I am essentially wanting to use a non persistent cookie that will
expire with the browser session, but will also timeout after a period
of inactivity.

pointers?

thanks.

Jan 12 '06 #6
Justin,

still no luck....back to square one, the cookie behaves like a non
persistent cookie, and expires only if the browser is closed.
Despite the timeout specified as 10 minutes, the cookie never times
out.... what am I doing wrong?

my web.config:
<authentication mode="Forms">
<forms loginUrl="logon.aspx" name = "portal" timeout="10"
slidingExpiration="true" protection="All" path="/">
</forms>
</authentication>
when the user attempts to logon:
// Create the authetication ticket
FormsAuthenticationTicket authTicket = new
FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now,
DateTime.Now.AddMinutes(10),false, "");
// Now encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

// Create a cookie and add the encrypted ticket to the
// cookie as data.
HttpCookie authCookie = new
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
// Add the cookie to the outgoing cookies collection.
authCookie.Expires = DateTime.Now.AddMinutes(10);
Response.Cookies.Add(authCookie);

Session.Add("Login", txtUserName.Text);
Session.Add("Group",Group)
Page.SmartNavigation = false;
// Redirect the user to the originally requested page
FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text, false);

Do I need to edit the machine.config?

Thanks,
Belle

Jan 13 '06 #7
Belle,

At this point there are more possibilities than I can go into here. Try
looking through this article:
http://msdn.microsoft.com/library/de...aght000012.asp
It should contain all the information you need. If you don't solve your
problem here let me know. By the way, what are you using the Session object
for? are you using cookies or the session variable for your timeout? If
you're actually using the session then it won't time out until ten minutes
have gone by from the last time the client has contacted the server. And
closing the browser won't mater...

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
<ba***********@gmail.com> wrote in message
news:11**********************@z14g2000cwz.googlegr oups.com...
Justin,

still no luck....back to square one, the cookie behaves like a non
persistent cookie, and expires only if the browser is closed.
Despite the timeout specified as 10 minutes, the cookie never times
out.... what am I doing wrong?

my web.config:
<authentication mode="Forms">
<forms loginUrl="logon.aspx" name = "portal" timeout="10"
slidingExpiration="true" protection="All" path="/">
</forms>
</authentication>
when the user attempts to logon:
// Create the authetication ticket
FormsAuthenticationTicket authTicket = new
FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now,
DateTime.Now.AddMinutes(10),false, "");
// Now encrypt the ticket.
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

// Create a cookie and add the encrypted ticket to the
// cookie as data.
HttpCookie authCookie = new
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
// Add the cookie to the outgoing cookies collection.
authCookie.Expires = DateTime.Now.AddMinutes(10);
Response.Cookies.Add(authCookie);

Session.Add("Login", txtUserName.Text);
Session.Add("Group",Group)
Page.SmartNavigation = false;
// Redirect the user to the originally requested page
FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text, false);

Do I need to edit the machine.config?

Thanks,
Belle

Jan 13 '06 #8
I'm using the cookie for timeout.....but unless I close the browser a
timeout never occurs!
ok, a stupid question here, but Do i need to explicitly check for a
cookie timeout, or will the "Application_AuthenticateRequest" in
global.asax take care of it.
Please have a look at my global.asax for my app:

protected void Application_AuthenticateRequest(Object sender, EventArgs
e)
{
// Extract the forms authentication cookie
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName];

if(null == authCookie)
{
// There is no authentication cookie.
return;
}
FormsAuthenticationTicket authTicket = null;
try
{
authTicket = FormsAuthentication.Decrypt(authCookie.Value);
}
catch(Exception ex)
{
// Log exception details (omitted for simplicity)
return;
}
if (null == authTicket)
{
// Cookie failed to decrypt.
return;
}

// When the ticket was created, the UserData property was assigned a
// pipe delimited string of group names.
String[] groups = authTicket.UserData.Split(new char[]{'|'});

// Create an Identity object
GenericIdentity id = new
GenericIdentity(authTicket.Name,"LdapAuthenticatio n");

// This principal will flow throughout the request.
GenericPrincipal principal = new GenericPrincipal(id, groups);
// Attach the new principal object to the current HttpContext object
Context.User = principal;

}
Thanks.

Jan 13 '06 #9

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

4 posts views Thread by Joey Powell | last post: by
reply views Thread by robert@orisoft.co.uk | last post: by
3 posts views Thread by sanchita | last post: by
4 posts views Thread by GaryDean | last post: by
1 post views Thread by Jason James | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.