locked
Auth Ticket Timeout & Session Timeout RRS feed

  • Question

  • User-1073848993 posted

    Suppose I have an authentication ticket with timeout="30" & slidingExpiration="true" and I also have <sessionState timeout="30" /> under web.config.

    Now, correct me if I am wrong but both of them should expire at the same time if a user becomes idle after logging in, correct? So what happens when a user is logged and he/she is not idle? How / When does timeout for both are reset? Lastly, if a user is on a page (i.e. questions.aspx) with bunch of controls that do not postback, is that considered as user bing idle as far as slidingExpiration is concerned?

    Thanks in advance. 

    Friday, November 20, 2009 11:31 AM

Answers

  • User421672444 posted

    It shows how does sliding expiration work in the context of forms authentication.

    If the logon page is accessed at 5:00 00:00:00 PM, it should expire at 5:10 00:00:00 PM if the timeout attribute is 10 and the slidingExpiration attribute is set to TRUE. Now, if any Web page is browsed again at 5:05 00:00:00 PM, the cookies and ticket time-out period will be reset to 5:15 00:00:00 PM.

    Note If the Web page is accessed before half of the expiration time passes, the ticket expiration time will not be reset. Fore example, if any Web page is accessed again at 5:04 00:00:00 PM, the cookies and ticket timeout period will not be reset.

     

    http://msdn.microsoft.com/en-us/library/1d3t3c61.aspx

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, November 20, 2009 2:55 PM