FormsAuthentication Timeout not reset

C

Chuck

I'm using forms authentication with a 50 minute timeout and sliding expiration.
The ticket expiration value is not being reset after greater than 25
minutes. I have session variables turned off.
I'm using roles and have the same experience whether I use role cookies or
not.
No async postbacks on the page.

I setup an nUnit test which postsbacks the page every minute.
I log the authentication ticket expiration time value every post.

The ticket.Expiration value is not changing.
After 50 minutes I am redirected to the login page.
 
A

Allen Chen [MSFT]

Hi,
I'm using forms authentication with a 50 minute timeout and sliding expiration.
The ticket expiration value is not being reset after greater than 25
minutes. I have session variables turned off.
I'm using roles and have the same experience whether I use role cookies or
not.
No async postbacks on the page.
I setup an nUnit test which postsbacks the page every minute.
I log the authentication ticket expiration time value every post.
The ticket.Expiration value is not changing.
After 50 minutes I am redirected to the login page.


I did a test following your description but I cannot reproduce this
problem. For test purpose I set timeout to one minute. Then I click the
button every few seconds. 30 seconds elapsed after the first page load and
the expire time is updated on the next postback. My test code is like below:

aspx.cs:

protected void Page_Load(object sender, EventArgs e)
{
FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
var expire= id.Ticket.Expiration;
Response.Write("expiration:" + expire);
}

aspx:

<form id="form1" runat="server">
<div>

<input id="time" />
<asp:Button ID="Button1" runat="server" Text="Button" />
</div>

<script type="text/javascript">
var seconds = 0;
function timedMsg() {
document.getElementById("time").value = seconds;
var t = setTimeout("timedMsg()", 1000);
seconds++;
}
var d = new Date();

var curr_hour = d.getHours();
var curr_min = d.getMinutes();
var curr_sec=d.getSeconds();
document.write(curr_hour + " : " + curr_min + ":" + curr_sec);

timedMsg();
</script>
</form>

web.config:

<forms loginUrl="Login.aspx" timeout="1" slidingExpiration="true">

</forms>

Could you please create a new project to test the above code? Does it work?

As far as I know it's unlikely that the internal mechanism of ASP.NET
breaks. Are you using custom HttpModule for authentication? Please read the
following article which describes a similar issue:

http://weblogs.asp.net/owscott/archive/2006/07/15/Forms-Authentication-Timeo
ut.aspx

Please let me know your test result. We can then work together to do
further investigation.

Regards,
Allen Chen
Microsoft Online Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
C

Chuck

Allen,

FYI,
We are sharing the FormsAuthentication cookies across servers.
We found the sliding timeout does not work unless you set the optional Forms
Authentication parameter for domain (which overrides the cookie domain).

Don't know why but that setting fixed it.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,994
Messages
2,570,223
Members
46,813
Latest member
lawrwtwinkle111

Latest Threads

Top