locked
Forms Authentication Issue RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User1525975705 posted

    Dear All,

    The users of our website are complaining that they are timing out before 20 minutes , Below are my settings in web.config

    <sessionState mode="InProc" cookieless="false" timeout="20" />
    <authentication mode="Forms">
    <forms name=".ASPXAUTH" loginUrl="~/w/default.aspx?aid=1" timeout="20" slidingExpiration="true"/>
    </authentication>

    The app pool Idle time out is also 20 Minutes

    In the code where we login we have

    FormsAuthenticationTicket tkt;
    string cookiestr;
    HttpCookie ck;

    tkt = new FormsAuthenticationTicket(1, cust_id, DateTime.Now, DateTime.Now.AddMinutes(20), false, "your custom data");
    cookiestr = FormsAuthentication.Encrypt(tkt);
    ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
    ck.Path = FormsAuthentication.FormsCookiePath;
    Response.Cookies.Add(ck);

    In the Event Viewer we are getting this message

    Event code: 4005 
    Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired.

    I am not sure where I am doing wrong. Any help would be greatly appreciated

    Wednesday, July 18, 2018 5:58 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User475983607 posted

    I'm not sure but the code is a bit confusing.  Consider using the standard API rather than rolling your own.

    https://msdn.microsoft.com/en-us/library/xdt4thhy.aspx

    The advantage of using the API is it reads the web.config so you don't have to store duplicate configurations as you're currently doing.

    If your environment is load balanced then you'll need to a static machine key across every app.  A static machine key might be a good idea anyway if your app is restarting due to a bug or saving files on the bin directly.

    Wednesday, July 18, 2018 6:12 PM