Forms Authentication Ticket Reissue

[Stefan Leyhane]

When using Forms Authentication with the SlidingExpiration attribute
set to 'true', the authentication ticket is reissued sometime after
half of the timeout value specified has elapsed.

From the documentation:
"To prevent compromised performance, and to avoid multiple browser
warnings for users that have cookie warnings turned on, the cookie is
updated when more than half the specified time has elapsed."

How is it possible to trap the ticket reissue? I have not been able
to find an event where I can catch it (even the Application_EndRequest
event).

Some more details: I'm using forms authentication with role-based
security in a manner very close to the way it is documented many
places such as at "http://weblogs.asp.net/cazzu/archive/2004/07/21/FormsAuthRoles.aspx".
I'm storing the user's roles in the user data of the authentication
ticket.

I have the added complication that I need to explicitly set the domain
on the authentication cookie since I share it with some other
applications running in other subdomains. For example, if my
application is running in 'dev.xyz.com', the cookie domain gets set to
'xyz.com'. When the authentication ticket is reissued a cookie with
the 'dev.xyz.com' is being created instead -- causing all sorts of
problems.

Any help is appreciated. Thanks,

Stefan

 

[Hernan de Lahitte]

What path do you have configured in the path attribute in Forms
configuration ? (the default "/" perhaps?)

The ticket renewal will use the same path that you have configured in your
forms config section or the ccokiepath parameter in RedirectFromLoginPage
method:

RedirectFromLoginPage(string userName, bool createPersistentCookie, string
strCookiePath)

This article (http://www.codeproject.com/aspnet/aspnetsinglesignon.asp) may
be of help as well.