I was surprised that I could not find a good answer to this question at interwebz, so we are here.
I install FormsAuthenticationTicket, which expires in a week. This is used in tandem with the Remember Me setting, which we use in our login form. This is achieved by:
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName);
var authTicket = new FormsAuthenticationTicket(1, user.Email, DateTime.Now, DateTime.Now.AddHours(168), true, userData);
var encryptedTicket = FormsAuthentication.Encrypt(authTicket);
cookie.Value = encryptedTicket;
cookie.Expires = authTicket.Expiration;
With this, I also extended the session timeout, as many of our users open the application for a long period of time:
<forms loginUrl="~/account/sign-in" timeout="10080" name="t5S4U4Y152" domain=".xxxxxxx.xxx.xxxxx"/>
My question is:
I was asked to make this cookie not expiring, so that as long as the user saves it, they will always be logged in - a more or less endless login. Is there a default value that I can set for a ticket and a timeout to achieve this?
, 50 , , ?