G
Guest
Hello all,
I've read through the posts out here, mostly get it, but am still trying to
understand the relationship among the ticket, the cookie, and their
expirations.
I understand that the cookie is just a holder, and that the ticket is what
I'm choosing to hold. I think I want to always set both the ticket and the
cookie to "never" expire (e.g. datetime.maxvalue). When would I *not* want to
do it this way? I know it has to do with kicking out users I no longer want
in my system (or whose roles have changed), but in this case don't I always
need to have a separate mechanism anyway for revalidating against the
database (e.g. at session start), no matter what the ticket says?
Hoping somebody can help me get this straight.
Thanks,
Bill
I've read through the posts out here, mostly get it, but am still trying to
understand the relationship among the ticket, the cookie, and their
expirations.
I understand that the cookie is just a holder, and that the ticket is what
I'm choosing to hold. I think I want to always set both the ticket and the
cookie to "never" expire (e.g. datetime.maxvalue). When would I *not* want to
do it this way? I know it has to do with kicking out users I no longer want
in my system (or whose roles have changed), but in this case don't I always
need to have a separate mechanism anyway for revalidating against the
database (e.g. at session start), no matter what the ticket says?
Hoping somebody can help me get this straight.
Thanks,
Bill