Best IT Recipes

FormsAuthenticationTicket.expiration v Web.config timeout value

This is the MVC2 website, I have a problem with the FormsAuthentication ticket. The user timeout after 30 minutes cannot log in again. During testing, the value of DateTime.Now.AddMinutes (30) was set to 5000, and everything was fine, but now it has changed to 30, and then a problem occurred.

From creating a cookie

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, user.UserID, DateTime.Now, DateTime.Now.AddMinutes(30), false, "user,user1", FormsAuthentication.FormsCookiePath);

Web.config File

 <authentication mode="Forms"> <forms loginUrl="~/Account.mvc/LogOn" timeout="2880" name=".ASPXFORMSAUTH" /> </authentication>

Should the validity value when creating a ticket be> = web.config value?

+12
c # cookies asp.net-mvc-2
Mar 02 '11 at 18:17
source share
1 answer

Since you manually create an authentication cookie, the timeout value in your web.config is completely ignored. Therefore, I would recommend that you have the same meaning:

 var ticket = new FormsAuthenticationTicket( 1, user.UserID, DateTime.Now, DateTime.Now.AddMinutes(FormsAuthentication.Timeout.TotalMinutes), false, "user,user1", FormsAuthentication.FormsCookiePath ); var encryptedTicket = FormsAuthentication.Encrypt(ticket); var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket) { HttpOnly = true, Secure = FormsAuthentication.RequireSSL, Path = FormsAuthentication.FormsCookiePath, Domain = FormsAuthentication.CookieDomain }; Response.AppendCookie(cookie);
+23
Mar 02 '11 at 18:21
source share


More articles:


All Articles