Why authentication Ticket expires

[Tony]

Can anybody tells if I'm doing something wrong in this code
and why the user authentication ticket always expires 30
minutes later, even though I set the cookie expiration
date to the maximum value, and if I'm reading the cookie
back the right way ?


Dim myTicket As New FormsAuthenticationTicket(1, _
myUser_, _
DateTime.Now, _
DateTime.Now.AddMinutes(30), _
myCheckbox.Checked, _
myUserData, _
FormsAuthentication.FormsCookiePath)

Dim hash As String = FormsAuthentication.Encrypt(myTicket)
Dim myCookie As HttpCookie
=New HttpCookie(FormsAuthentication.FormsCookieName, hash)

If (myTicket.IsPersistent) Then myCookie.Expires=
DateTime.MaxValue

Response.Cookies.Add(myCookie)
Dim url As String = FormsAuthentication.GetRedirectUrl
(myUser, true)
Response.Redirect(url)



'THEN I READ THE COOKIE IN THE Global.asax FILE:
If (Not (HttpContext.Current.User Is Nothing)) Then
If (HttpContext.Current.User.Identity.IsAuthenticated ) Then
If (HttpContext.Current.User.Identity.AuthenticationT ype
= "Forms") Then

Dim myID As System.Web.Security.FormsIdentity =
HttpContext.Current.User.Identity
Dim myTicket As
System.Web.Security.FormsAuthenticationTicket = myID.Ticket

Dim userData As String = myTicket.UserData
Dim myRoles As String() = Split (userData, ",")
HttpContext.Current.User = New
System.Security.Principal.GenericPrincipal(myID, myRoles)
End If
End If
End If

[MSFT]

Hi Tony,

In the Constructor of FormsAuthenticationTicket, you have specify the
expiration date:

DateTime.Now, _
DateTime.Now.AddMinutes(30),

If you change it to:

DateTime.Now.AddMinutes(60),

Will the expire date be set to 60 minutes?

Luke
Microsoft Online Support

Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

[tony]

Hi Luke,
when I set the Ticket expiration time to :
DateTime.Now.AddMinutes(30)
and then later I set the Cookie expiration time to the
maximum value , isn't that suppose to overwite the
expiration time for the Ticket set in the first statement ?

What I'm doing basically is:
create the ticket and set its expiration time to 30 minutes

then I check if the user checked the Checkbox(remember my
password) and reset the expiration time to the max value.
If (myTicket.IsPersistent) Then taskCookie.Expires =
DateTime.MaxValue

>-----Original Message-----
>Hi Tony,
>
>In the Constructor of FormsAuthenticationTicket, you have

specify the

>expiration date:
>
> DateTime.Now, _
>DateTime.Now.AddMinutes(30),
>
>If you change it to:
>
>DateTime.Now.AddMinutes(60),
>
>Will the expire date be set to 60 minutes?
>
>Luke
>Microsoft Online Support
>
>Get Secure! [url]www.microsoft.com/security[/url]
>(This posting is provided "AS IS", with no warranties,

and confers no

>rights.)
>
>
>
>
>.
>

[MSFT]

Hi Tony,

It won't overwite the expiration time in this way. You may create
FormsAuthenticationTicket object with different parameters based on the
myCheckbox.Checked.

Luke
Microsoft Online Support

Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)