Why authentication Ticket expires

T

Tony

Can anybody tells if I'm doing something wrong in this code
and why the user authentication ticket always expires 30
minutes later, even though I set the cookie expiration
date to the maximum value, and if I'm reading the cookie
back the right way ?


Dim myTicket As New FormsAuthenticationTicket(1, _
myUser_, _
DateTime.Now, _
DateTime.Now.AddMinutes(30), _
myCheckbox.Checked, _
myUserData, _
FormsAuthentication.FormsCookiePath)

Dim hash As String = FormsAuthentication.Encrypt(myTicket)
Dim myCookie As HttpCookie
=New HttpCookie(FormsAuthentication.FormsCookieName, hash)

If (myTicket.IsPersistent) Then myCookie.Expires=
DateTime.MaxValue

Response.Cookies.Add(myCookie)
Dim url As String = FormsAuthentication.GetRedirectUrl
(myUser, true)
Response.Redirect(url)



'THEN I READ THE COOKIE IN THE Global.asax FILE:
If (Not (HttpContext.Current.User Is Nothing)) Then
If (HttpContext.Current.User.Identity.IsAuthenticated) Then
If (HttpContext.Current.User.Identity.AuthenticationType
= "Forms") Then

Dim myID As System.Web.Security.FormsIdentity =
HttpContext.Current.User.Identity
Dim myTicket As
System.Web.Security.FormsAuthenticationTicket = myID.Ticket

Dim userData As String = myTicket.UserData
Dim myRoles As String() = Split (userData, ",")
HttpContext.Current.User = New
System.Security.Principal.GenericPrincipal(myID, myRoles)
End If
End If
End If
 
M

MSFT

Hi Tony,

In the Constructor of FormsAuthenticationTicket, you have specify the
expiration date:

DateTime.Now, _
DateTime.Now.AddMinutes(30),

If you change it to:

DateTime.Now.AddMinutes(60),

Will the expire date be set to 60 minutes?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
T

tony

Hi Luke,
when I set the Ticket expiration time to :
DateTime.Now.AddMinutes(30)
and then later I set the Cookie expiration time to the
maximum value , isn't that suppose to overwite the
expiration time for the Ticket set in the first statement ?

What I'm doing basically is:
create the ticket and set its expiration time to 30 minutes

then I check if the user checked the Checkbox(remember my
password) and reset the expiration time to the max value.
If (myTicket.IsPersistent) Then taskCookie.Expires =
DateTime.MaxValue
 
M

MSFT

Hi Tony,

It won't overwite the expiration time in this way. You may create
FormsAuthenticationTicket object with different parameters based on the
myCheckbox.Checked.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Authentication Ticket not storing UserData 0
Roles and Forms Authentication problems 1
Ticket disappears when browser is closed 3
Problem with forms authentication roles 0
Forms Authentication. Roles problem in IIS7. Any idea? Anyone? 0
Cookies Expiring due to different time zones. 5
forms authentication question 1
forms authentication question 0

Members online

Total: 71 (members: 2, guests: 69)
Robots: 357

Forum statistics

Threads
473,968
Messages
2,570,153
Members
46,701
Latest member
XavierQ83

Latest Threads

Top