Setting Forms Authentication...

  • Thread starter Thread starter Kian Goh
  • Start date Start date
K

Kian Goh

Hi there,

I am trying to use an entry level security for my resources website. I
followed the procedures in the MS published Self-Paced Training Kit,
everything seems working as expected. However, I found that the
authentication cookie never expires.

I thought the default timeout is 30 minutes. Please tell me if I miss any
step...

Thanks a lot,
Kian


<authentication mode="Forms">
<forms loginUrl="ResourcesLogon.aspx">
<credentials passwordFormat="Clear">
<user name="kk" password="dd"/>
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" /> <!--Deny all unauthenticated users-->
</authorization>
 
Two things - You would need to set the timeout:
<authentication mode="Forms">
<forms name=".YourAppCookieName"
loginUrl="login.aspx"
protection="All"
timeout="60" '<--------here - Number of minutes until authentication
cookie expires.
path="/"
/>
</authentication>

Also - in your login page, when you have the redirection statement - if you
have:
FormsAuthentication.RedirectFromLoginPage(txtUID.text, True) '<---- if you
set this to 'True", then it sets a permanent cookie, with an expiration date
about 50 years from it's creation date.


David Wier
http://aspnet101.com
http://aspexpress.com
 
Thanks a lot, David.

It is working now.


David Wier said:
Two things - You would need to set the timeout:
<authentication mode="Forms">
<forms name=".YourAppCookieName"
loginUrl="login.aspx"
protection="All"
timeout="60" '<--------here - Number of minutes until authentication
cookie expires.
path="/"
/>
</authentication>

Also - in your login page, when you have the redirection statement - if you
have:
FormsAuthentication.RedirectFromLoginPage(txtUID.text, True) '<---- if you
set this to 'True", then it sets a permanent cookie, with an expiration date
about 50 years from it's creation date.


David Wier
http://aspnet101.com
http://aspexpress.com
Click to expand...
 
Back
Top