Meaning Of Timeout In FOrms Authentication..????

[.NET Follower]

does Timeout deletes automatically the cookie in the clients browser

i relied on forms cookie to authenticate the user
and had set timeout to i min
but even after i1 min
user is authenticated ...
so we cannot use only forms cookie
is it true

only on signout method it deletes the cookie from client
not on timeout??????????????





--
Thanks and Regards,

Amit Agarwal
Software Programmer(.NET)


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system ([url]http://www.grisoft.com[/url]).
Version: 6.0.580 / Virus Database: 367 - Release Date: 2/6/2004

[Hernan de Lahitte]

Hi,

You should take into account two things (at least) when you use Forms Auth
regarding to cookie issues.

1) Persistent cookies do not time out, so watch out for
"createPersistentCookie " argument in RedirectFromLoginPage method.

2) As the documentation specifies, if the SlidingExpiration attribute is
true (this is the default in v1.0 and false in v1.1), the timeout attribute
is a sliding value, expiring at the specified number of minutes after the
time the last request was received and be aware that the cookie is updated
when more than half the specified time has elapsed (not immediately after
the request was received).

--
Hernan de Lahitte
Lagash Systems S.A.




".NET Follower" <amitagarwal-NET@SoftHome.net> wrote in message
news:eC4WVAT7DHA.712@tk2msftngp13.phx.gbl...

>
>
> does Timeout deletes automatically the cookie in the clients browser
>
> i relied on forms cookie to authenticate the user
> and had set timeout to i min
> but even after i1 min
> user is authenticated ...
> so we cannot use only forms cookie
> is it true
>
> only on signout method it deletes the cookie from client
> not on timeout??????????????
>
>
>
>
>
> --
> Thanks and Regards,
>
> Amit Agarwal
> Software Programmer(.NET)
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system ([url]http://www.grisoft.com[/url]).
> Version: 6.0.580 / Virus Database: 367 - Release Date: 2/6/2004
>
>

[Hernan de Lahitte]

I don't know if I'm missing something here but if the user tries to access
any page after 1 minute, he will be redirected to the specified logon page.
This is assumed, based on a config setting like this:

<authentication mode="Forms">
<forms loginUrl="Login.aspx"
protection="All"
path="/"
timeout="1"
slidingExpiration="true"/>
</authentication>
<authorization>
<deny users = "?" />
<allow users= "*" />
</authorization>

Please, tell me more details about the problem in order to help you out.

--
Hernan de Lahitte
Lagash Systems S.A.




".NET Follower" <amitagarwal-NET@SoftHome.net> wrote in message
news:eC4WVAT7DHA.712@tk2msftngp13.phx.gbl...

>
>
> does Timeout deletes automatically the cookie in the clients browser
>
> i relied on forms cookie to authenticate the user
> and had set timeout to i min
> but even after i1 min
> user is authenticated ...
> so we cannot use only forms cookie
> is it true
>
> only on signout method it deletes the cookie from client
> not on timeout??????????????
>
>
>
>
>
> --
> Thanks and Regards,
>
> Amit Agarwal
> Software Programmer(.NET)
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system ([url]http://www.grisoft.com[/url]).
> Version: 6.0.580 / Virus Database: 367 - Release Date: 2/6/2004
>
>

[.NET Follower]

my ? though i am seting timeout to be 1 min
the auth page is able to access..
the cookie is not deleted from the clients machine....
thought signout deletes the cookies..


--
Thanks and Regards,

Amit Agarwal
Software Programmer(.NET)
"Hernan de Lahitte" <hernan@lagash.com> wrote in message
news:esRnmFy7DHA.1596@TK2MSFTNGP10.phx.gbl...

> I don't know if I'm missing something here but if the user tries to access
> any page after 1 minute, he will be redirected to the specified logon

page.

> This is assumed, based on a config setting like this:
>
> <authentication mode="Forms">
> <forms loginUrl="Login.aspx"
> protection="All"
> path="/"
> timeout="1"
> slidingExpiration="true"/>
> </authentication>
> <authorization>
> <deny users = "?" />
> <allow users= "*" />
> </authorization>
>
> Please, tell me more details about the problem in order to help you out.
>
> --
> Hernan de Lahitte
> Lagash Systems S.A.
>
>
>
>
> ".NET Follower" <amitagarwal-NET@SoftHome.net> wrote in message
> news:eC4WVAT7DHA.712@tk2msftngp13.phx.gbl...

> >
> >
> > does Timeout deletes automatically the cookie in the clients browser
> >
> > i relied on forms cookie to authenticate the user
> > and had set timeout to i min
> > but even after i1 min
> > user is authenticated ...
> > so we cannot use only forms cookie
> > is it true
> >
> > only on signout method it deletes the cookie from client
> > not on timeout??????????????
> >
> >
> >
> >
> >
> > --
> > Thanks and Regards,
> >
> > Amit Agarwal
> > Software Programmer(.NET)
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system ([url]http://www.grisoft.com[/url]).
> > Version: 6.0.580 / Virus Database: 367 - Release Date: 2/6/2004
> >
> >

>
>

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system ([url]http://www.grisoft.com[/url]).
Version: 6.0.580 / Virus Database: 367 - Release Date: 2/6/2004