Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Persistent Auth Token Expires

I have an ASP.NET MVC application using forms authentication. Here's the line of code where I create the auth token:

FormsAuthentication.SetAuthCookie(username, true);

My web.config contains:

<system.web>
  <machineKey validationKey="{unique key}" decryptionKey="{unique key}" validation="SHA1" decryption="AES" />
  <authentication mode="Forms">
    <forms loginUrl="~/account/" timeout="2880" />
  </authentication>
  ...
</system.web>
<location path="my">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>

Despite the parameter for the persistent cookie being set to true, my users get logged out after a few days of inactivity.

The app is deployed to AppHarbor, but I experienced the same behavior when it was hosted on a dedicated server.

What am I missing that would cause users to get logged out sporadically?

like image 304
Jeff Handley Avatar asked Oct 24 '22 15:10

Jeff Handley


1 Answers

Your timeout is set to 2880 minutes, which is 48 hours?

timeout is used to specify a limited lifetime for the forms authentication session. The default value is 30 minutes. If a persistent forms authentication cookie is issued, the timeout attribute is also used to set the lifetime of the persistent cookie.

http://msdn.microsoft.com/en-us/library/ff647070.aspx

like image 55
Danny Tuppeny Avatar answered Oct 31 '22 10:10

Danny Tuppeny