Cookie Problems

R

Rossen Hristov

Hello,

I have the following problem. I am building a ASP.NET application with Forms
Authentication.
Just for testing purposes I have set the Session timeout to 3 minutes:

<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="3"
/>
I have also set the cookie timeout to 3 minutes:
<authentication mode="Forms">
<forms name="NCIWebAut"
loginUrl="Pages/Login/Login.aspx"
protection="Encryption"
timeout="3"
path="/"
slidingExpiration="true"
requireSSL="true">
</forms>
</authentication>

and here is my C# code with which I create the ticket -- just as in the MS
tutorials:
// Use security system to set the UserID within a client-side Cookie
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
txtUsername.Text,
DateTime.Now,
DateTime.Now.AddMinutes(3),
false,
txtUsername.Text);
String encryptedTicket = FormsAuthentication.Encrypt(ticket);
// Create a cookie and add the encrypted ticket to the
// cookie as data.
HttpCookie authCookie =
new HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);
// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
Session.Add("dataLanguage", dataLang);
// Redirect the user to Main.aspx
Response.Redirect("../Main/Main.aspx");

The problem is the following. I want to kick out the user if he hasn't made
a request in 3 minutes (just for testing purposes), but if he continually
request various aspx pages I want to keep him signed in. That is why I set
the SlidingExpiration property to true. However, I log-in, the I do not do
anything for 2 minutes and when I request an aspx page it kicks me out to
the login screen. Why? I have set the timeout to 3 minutes. This does not
make sense!
Could anyone help me?
Also, when I write 3 minutes in the web.config file, why do I need to write
this again when I create the ticket (DateTime.Now.AddMinutes(3)). Why do we
have two numbers instead of one. This isn't explained anywhere. Do these
numbers have to be the same? I am confused. The MS tutroials say do this and
this, I do it and then it does not work properly. Any ideas?
Rossen Hristov
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,982
Messages
2,570,190
Members
46,736
Latest member
zacharyharris

Latest Threads

Top