Forms authentication doesn't timeout

From: James Friesen (jamesdfriesen@hotmail.com)
Date: 01/23/03


From: jamesdfriesen@hotmail.com (James Friesen)
Date: 22 Jan 2003 21:03:39 -0800


Hi everybody.

I have an application which uses the built in .net framework forms
authentication.

I have set up my configuration file like this:

If the cookie does not exist on my machine, no problem. I am
redirected to the login page, and after I signin, I am redirected back
to the page I was requesting. If I signout, then try to access a
page, again no problems.

However, the timeout never seems to happen. If I reaccess my site the
next day, I go right into the application, my login is still valid
even though it is way past the timeout value.

What could I be missing?

Thanks in advance

web.config

    <authentication mode="Forms">
                <forms name=".ASPAPP" loginUrl="Login/Login.aspx" path="/"
protection="All" timeout="30" >
                </forms>
    </authentication>

    <authorization>
        <deny users="?" />
    </authorization>

Login.aspx

        Private Sub butSignOn_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles butSignOn.Click
                ' If user name and password are found, authorize the user and show
start page.
                If CheckPassword(txtUserName.Text, txtPassword.Text) Then
                        FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, True)
                Else
                        ' Display message.
                        lblStatus.Text = "Username or password not found. Try again."
                End If
        End Sub



Relevant Pages

  • Trying to create a secure app that never times out - very confused
    ... forms authentication, and I am trying to have it so that once a user ... The login is handled by the asp.net login control, ... If I look at the cookie expiry it ... Interestingly, if I set the timeout to be short, lets say 1 minute ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Forms authentication not returning to login page
    ... Form authentication is by default based on cookie, ... it will redirect to the login page. ... You can set the timeout for forms ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: login control persistent cookie problem
    ... cookie lasted forever. ... it's a 3-step process in the Login control: ... the timeout is set to DateTime.Now + TimeSpan.Parse(<forms ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: Detecting session time out in custom log in page
    ... The TimeOut attribute here only make sense when we use non-persistent ... cookie for the form authentication. ... Anyway, we may set a session variant when your user first logon, for ... it is a new login or get back from timeout. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Trying to create a secure app that never times out - very confused
    ... I would have expected to see a cookie ... I do my authentication) the cookie is now null. ... The login is handled by the asp.net login control, ... Interestingly, if I set the timeout to be short, lets say 1 minute ...
    (microsoft.public.dotnet.framework.aspnet.security)