J
Joe Fallon
If I use Forms authentication and State Server I end up with 2 entries in
the cookie sent to the browser.
Is this correct:
If the session is set to timeout in 20 minutes that means that of there is
no activity for 20 minutes then the session will expire and the user will
have to log in again.
If the user is active for 20 minutes and then is idle for the next 15 the
session has not timed out and they should not have to log in again. But does
the authentication ticket in the cookie expire in 30 minutes? If so, does
THAT force a log in again? What is the "best" way to coordinate these 2 to
minimize the amount of re-logging in and yet maintaining some basic level of
security?
Thanks!
the cookie sent to the browser.
Is this correct:
If the session is set to timeout in 20 minutes that means that of there is
no activity for 20 minutes then the session will expire and the user will
have to log in again.
If the user is active for 20 minutes and then is idle for the next 15 the
session has not timed out and they should not have to log in again. But does
the authentication ticket in the cookie expire in 30 minutes? If so, does
THAT force a log in again? What is the "best" way to coordinate these 2 to
minimize the amount of re-logging in and yet maintaining some basic level of
security?
Thanks!