Forms authentication doesn't timeout

From: James Friesen (jamesdfriesen@hotmail.com)
Date: 01/23/03


From: jamesdfriesen@hotmail.com (James Friesen)
Date: 22 Jan 2003 21:03:39 -0800


Hi everybody.

I have an application which uses the built in .net framework forms
authentication.

I have set up my configuration file like this:

If the cookie does not exist on my machine, no problem. I am
redirected to the login page, and after I signin, I am redirected back
to the page I was requesting. If I signout, then try to access a
page, again no problems.

However, the timeout never seems to happen. If I reaccess my site the
next day, I go right into the application, my login is still valid
even though it is way past the timeout value.

What could I be missing?

Thanks in advance

web.config

    <authentication mode="Forms">
                <forms name=".ASPAPP" loginUrl="Login/Login.aspx" path="/"
protection="All" timeout="30" >
                </forms>
    </authentication>

    <authorization>
        <deny users="?" />
    </authorization>

Login.aspx

        Private Sub butSignOn_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles butSignOn.Click
                ' If user name and password are found, authorize the user and show
start page.
                If CheckPassword(txtUserName.Text, txtPassword.Text) Then
                        FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, True)
                Else
                        ' Display message.
                        lblStatus.Text = "Username or password not found. Try again."
                End If
        End Sub