locked
Login and logout with window live problem RRS feed

  • Question

  • User-2031650305 posted

    Hi

    I have a Windows Live Application and it use login.live.com to login or logout my app. When I login with login.live.com url for short time then I logout but I can't relogin after I logout .

    If I closed the browser then launched it again or logined for along time, I can relogin successfully. I know the live window cookie is problem but I can't find the solution for this problem

    Wednesday, October 24, 2012 12:14 PM

Answers

  • User281315223 posted

    Depending on how you have configured your application, you could check what the specific timeout for your authentication cookie is. There are quite a few ways to set timeouts within .NET (Session Timeouts, Forms Authentication Timeouts and IIS-related Timeouts) so a few things could be going wrong here so I'll address the two that might most likely relate to your issue : Forms Authentication and IIS Idle Timeouts.

    Setting the Forms Authentication Timeout within your web.config (may not be applicable)

    You can adjust the specific timeout property of your Forms Authentication in your application by adjusting the timeout property within the <authentication> element of your web.config file. You will also want to be mindful that if you are using the slidingExpiration property in conjunction with timeouts as they can actually expire much earlier than the timeout listed.

    <authentication mode="Forms"> 
    <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" timeout="yourTimeoutInMinutes"></forms>
    </authentication>

    So if you wanted to extend the amount that the authentication token stays "alive" for to say 60 minutes (an hour), you would set it as seen below : 

    <authentication mode="Forms"> 
    <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" timeout="60"></forms>
    </authentication>

    However, if you are using the slidingExpiration property, the authentication token can expire when half of the timeout duration has elapsed. So you'll likely want to double your timeout value if you are using it :

    <authentication mode="Forms"> 
    <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" timeout="120" slidingExpiration="true"></forms>
    </authentication>

    Setting the Application IdleTimeout property within IIS

    You may need to check what your timeout is configured for within IIS, as this timeout will override the timeouts defined in your web.config. 

    Within IIS there is a setting called Idle Timeout, which defaults at 20 minutes. This could explain your early timeout issue and you may want to consider adjusting this property within IIS. Based on your issue, this could likely be the culprit :

    Scott Hanselman also addresses strange issues that can occur when dealing with timeouts when using Forms Authentication in this blog post as well.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, November 2, 2014 10:18 PM