Setting Forms Authentication...

[Kian Goh]

Hi there,

I am trying to use an entry level security for my resources website. I
followed the procedures in the MS published Self-Paced Training Kit,
everything seems working as expected. However, I found that the
authentication cookie never expires.

I thought the default timeout is 30 minutes. Please tell me if I miss any
step...

Thanks a lot,
Kian


<authentication mode="Forms">
<forms loginUrl="ResourcesLogon.aspx">
<credentials passwordFormat="Clear">
<user name="kk" password="dd"/>
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" /> <!--Deny all unauthenticated users-->
</authorization>

[David Wier]

Two things - You would need to set the timeout:
<authentication mode="Forms">
<forms name=".YourAppCookieName"
loginUrl="login.aspx"
protection="All"
timeout="60" '<--------here - Number of minutes until authentication
cookie expires.
path="/"
/>
</authentication>

Also - in your login page, when you have the redirection statement - if you
have:
FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '<---- if you
set this to 'True", then it sets a permanent cookie, with an expiration date
about 50 years from it's creation date.


David Wier
[url]http://aspnet101.com[/url]
[url]http://aspexpress.com[/url]


"Kian Goh" <kiangoh2700544@hotmail.com> wrote in message
news:eFHBRsbXDHA.3268@tk2msftngp13.phx.gbl...

> Hi there,
>
> I am trying to use an entry level security for my resources website. I
> followed the procedures in the MS published Self-Paced Training Kit,
> everything seems working as expected. However, I found that the
> authentication cookie never expires.
>
> I thought the default timeout is 30 minutes. Please tell me if I miss any
> step...
>
> Thanks a lot,
> Kian
>
>
> <authentication mode="Forms">
> <forms loginUrl="ResourcesLogon.aspx">
> <credentials passwordFormat="Clear">
> <user name="kk" password="dd"/>
> </credentials>
> </forms>
> </authentication>
> <authorization>
> <deny users="?" /> <!--Deny all unauthenticated users-->
> </authorization>
>
>

[Kian Goh]

Thanks a lot, David.

It is working now.


"David Wier" <dwier@nospamASPNet101.com> wrote in message
news:%23nZIkDcXDHA.1744@TK2MSFTNGP12.phx.gbl...

> Two things - You would need to set the timeout:
> <authentication mode="Forms">
> <forms name=".YourAppCookieName"
> loginUrl="login.aspx"
> protection="All"
> timeout="60" '<--------here - Number of minutes until authentication
> cookie expires.
> path="/"
> />
> </authentication>
>
> Also - in your login page, when you have the redirection statement - if

you

> have:
> FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '<---- if you
> set this to 'True", then it sets a permanent cookie, with an expiration

date

> about 50 years from it's creation date.
>
>
> David Wier
> [url]http://aspnet101.com[/url]
> [url]http://aspexpress.com[/url]
>
>
> "Kian Goh" <kiangoh2700544@hotmail.com> wrote in message
> news:eFHBRsbXDHA.3268@tk2msftngp13.phx.gbl...

> > Hi there,
> >
> > I am trying to use an entry level security for my resources website. I
> > followed the procedures in the MS published Self-Paced Training Kit,
> > everything seems working as expected. However, I found that the
> > authentication cookie never expires.
> >
> > I thought the default timeout is 30 minutes. Please tell me if I miss

any

> > step...
> >
> > Thanks a lot,
> > Kian
> >
> >
> > <authentication mode="Forms">
> > <forms loginUrl="ResourcesLogon.aspx">
> > <credentials passwordFormat="Clear">
> > <user name="kk" password="dd"/>
> > </credentials>
> > </forms>
> > </authentication>
> > <authorization>
> > <deny users="?" /> <!--Deny all unauthenticated users-->
> > </authorization>
> >
> >

>
>