Forms timeout doesn't appear to be working.

  • Thread starter Thread starter Mufasa
  • Start date Start date
M

Mufasa

Folks,
This is sort of a continuation of my question with session timeouts but
slightly different.

I am using Forms authentication with the following code:

FormsAuthenticationTicket lTicket = new
FormsAuthenticationTicket(lsUserID, true, 6000);
// Hash the cookie for transport
string lHash = FormsAuthentication.Encrypt(lTicket);
System.Web.HttpCookie lCookie = new
System.Web.HttpCookie(FormsAuthentication.FormsCookieName, lHash); // Hashed
ticket
// Add the cookie to the list for outgoing response
Response.Cookies.Add(lCookie);

Response.Redirect("~/RM/LoginCustomer.aspx");

I realize the length on the ticket is really REALLY long but at the moment I
want it that way. The problem is, it appears as if the ticket is timing out
after 30 minutes. My session timeout is set using the following code in
web.config:

<sessionState cookieless="false" timeout="480"/>

I realize the timeouts are different but I'm just trying to get it to work.

Is there anything else I need to do to make this work? It seems like it
shouldn't time out but is.

I already have code that says if my login ID, which is stored in the session
is gone, redirect to the login page. But I don't want it to disappear in the
first place. This happens after 30 minutes.

I can't tell for sure whether it's because the session has timed out or the
form ticket has. I have a feeling it's the session timeout because if I take
out the check for the user ID, I get Object Not Defined when I try and
access Session variables.

TIA - Jeff.
 
session tickets and authentication tickets are unrelated to each other. if
you are using inproc sessions you need to worry about recycle events. a
recycle will cause a loss of session. a recycle can be caused by too much
memeory use, idle timeout (20 minutes default), file changes, etc).

if you are the only user, then the idle recycle is probably causing the
recycle.

-- bruce (sqlwork.com)
 
Back
Top