cookie timeout

  • Thread starter Thread starter jbhabion
  • Start date Start date
J

jbhabion

Hello,

I am developping some webpages where our PDA-user can access some
company information. Our webserver has asp.net 1.1 installed.

Users can login and access the information, after a period of non-
activity the session should expire and the user has to login again. I
tried to do this with the following web.config.

<configuration>
<system.web>
<sessionState timeout="20" />
<authentication mode="Windows">
<forms name=".ComapanyCookie" loginUrl="login.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

When accessing the site there appears a pop-up and we can login.
However the session never expires. I was told this has something to do
with a persistent cookie that defaults to a timeout of 50 years.

What do I have to do get the time-out of 20 minutes.

Thanks,

John
 
Hello,

I am developping some webpages where our PDA-user can access some
company information. Our webserver has asp.net 1.1 installed.

Users can login and access the information, after a period of non-
activity the session should expire and the user has to login again. I
tried to do this with the following web.config.

<configuration>
 <system.web>
    <sessionState timeout="20" />
    <authentication mode="Windows">
       <forms name=".ComapanyCookie" loginUrl="login.aspx" />
    </authentication>
    <authorization>
       <deny users="?" />
    </authorization>
 </system.web>
</configuration>

When accessing the site there appears a pop-up and we can login.
However the session never expires. I was told this has something to do
with a persistent cookie that defaults to a timeout of 50 years.

What do I have to do get the time-out of 20 minutes.

Thanks,

John
Click to expand...

When you have authentication mode set to "Windows" why do you need to
"login" user again? Your web.config file has forms attribute which is
for custom Forms-based authentication.

http://msdn.microsoft.com/en-us/library/532aee0e.aspx
 
Hello Alexey,

I agree, ther forms attribute is not needed. A call to login.aspx is
never made since I changed from Forms to Windows. Windows
Authentication uses it's own pop-up window.

Problem is when used in there is no time-out, how can I change my code
so the specified time-out is used.

John
 
Hello Alexey,

I agree, ther forms attribute is not needed. A call to login.aspx is
never made since I changed from Forms to Windows. Windows
Authentication uses it's own pop-up window.

Problem is when used in there is no time-out, how can I change my code
so the specified time-out is used.

John
Click to expand...

Hi John,

If you have already logged on to Windows, and the browser is
configured to automatically send credentials, Integrated Windows
authentication uses your logon information to authenticate you, so it
won't prompt you for a username and password. To force a logon dialog
try to send HTTP 401 message

Response.StatusCode = 401;
Response.StatusDescription = "Unauthorized";
Response.End();

How to detect a timeout
http://www.google.com/search?hl=en&q=detect+timeout+asp.net

Hope this helps
 
Back
Top