Re: Authentication Ticket expiration
From: Mike Forman (ec-nospam@microsoft.com)
Date: 04/14/03
- Next message: Jason Pileski: "Different user when testing"
- Previous message: Marlene A. Roman: "Re: Issue with Integrated Security"
- In reply to: Victor Garcia Aprea [MVP]: "Re: Authentication Ticket expiration"
- Next in thread: Victor Garcia Aprea [MVP]: "Re: Authentication Ticket expiration"
- Reply: Victor Garcia Aprea [MVP]: "Re: Authentication Ticket expiration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Mike Forman <ec-nospam@microsoft.com> Date: 14 Apr 2003 11:25:52 -0700
Victor,
Could you please eleaborate with a small example of how to enable/disable this
attribute?
>
>What you're seeing is the only behavior supported in ASP.NET v1.0. The
>FormsAuthenticationModule.OnAuthenticate method will constantly renew the
>ticket calling FormsAuthentication.RenewTicketIfOld. Version 1.1 of ASP.NET
>introduces a new attribute named 'slidingExpiration' for the <forms> element
>that you could set to false to change this default behavior of renewing the
>ticket.
>
>--
>Victor Garcia Aprea
>Microsoft MVP | ASP.NET
>
>"Mike Forman" <ec-nospam@microsoft.com> wrote in message
>news:60277247.0000a525.030@drn.newsguy.com...
>> I'm, using the following example from
>>
>> http://support.microsoft.com/?id=308157
>>
>> and am having a few problems.
>>
>> The following snippet works great for creating a persistant/non-persistant
>> ticket
>>
>> ============
>> tkt = New FormsAuthenticationTicket(1, txtUserName.Value, DateTime.Now(),
>_
>> dateTime.Now.AddMinutes(30), chkPersistCookie.Checked, "your custom data")
>> cookiestr = FormsAuthentication.Encrypt(tkt)
>> ck = new HttpCookie(FormsAuthentication.FormsCookieName(),
>cookiestr)
>> if (chkPersistCookie.Checked) then ck.Expires=tkt.Expiration
>> Response.Cookies.Add(ck)
>> ============
>>
>> HOWEVER, the ticket seems to get renewed every time I post back to the
>server.
>> What I really want to do is force the Authentication to expire after X
>minutes
>> if the does/doesn't post back to the server.
>>
>> The only exception to this is I want the authentication to expire
>immediatly if
>> the user closes the browser, but this seems to be working.
>>
>> What I want is something like what Yahoo mail uses. When you login, you
>enter
>> your username/password and can either "Remember my ID and Password". If
>the
>> user says no, then when they close their browser, they have to login
>again. If
>> the user checks yes, they don't have to login again UNLESS 8 hours pass
>from
>> since the time they log in.
>>
>> Any suggestions?
>>
>> -Mike
>>
>
>
- Next message: Jason Pileski: "Different user when testing"
- Previous message: Marlene A. Roman: "Re: Issue with Integrated Security"
- In reply to: Victor Garcia Aprea [MVP]: "Re: Authentication Ticket expiration"
- Next in thread: Victor Garcia Aprea [MVP]: "Re: Authentication Ticket expiration"
- Reply: Victor Garcia Aprea [MVP]: "Re: Authentication Ticket expiration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
