Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Persistent cookie timeout with FormsAuthentication

I am creating some "Remember Me" functionality as part of logging in.

When I create a persistent cookie during the login process with the following:

FormsAuthentication.SetAuthCookie("someusername", true);

And my Web.Config looks as follows:

<authentication mode="Forms">
  <forms loginUrl="~/sign-in" timeout="2880" />
</authentication>

How long will the cookie be valid for before the user will be asked to provide their login details again? Also, Is there/What is the default length of time used when setting a persistent cookie?

like image 472
cda01 Avatar asked Oct 07 '11 00:10

cda01


People also ask

What does FormsAuthentication SetAuthCookie do?

The SetAuthCookie method adds a forms-authentication ticket to either the cookies collection or the URL if CookiesSupported is false . The forms-authentication ticket supplies forms-authentication information to the next request made by the browser.

What is FormsAuthentication FormsCookieName?

Remarks. The FormsCookieName property value is set in the configuration file for an ASP.NET application by using the name attribute of the forms configuration element. The FormsCookieName is used to reference the cookie that stores the FormsAuthenticationTicket information.

What is persistent cookie C#?

Persistent Cookies: Persistent Cookies are Permanent Cookies stored as a text file in the hard disk of the computer. Non-Persistent Cookies: Non-Persistent cookies are temporary. They are also called in-memory cookies and session-based cookies.

How do I remove authentication from a cookie form?

You first need to Clear the Authentication Cookie and Session Cookie by passing back empty cookies in the Response to the Logout. public ActionResult LogOff() { FormsAuthentication. SignOut(); Session. Clear(); // This may not be needed -- but can't hurt Session.


2 Answers

timeout is mentioned in your authentication module as:

<forms loginUrl="~/sign-in" timeout="2880" />

timeout="2880". This 2880 value is given in minutes. So if you divide 2880 by 60, you get 48 hours which is answer to your question. Users will have to provide their login credentials again after 48 hours period expires.

Hope it helps.

like image 120
Jogi Avatar answered Oct 19 '22 18:10

Jogi


I found the answer I was looking for thanks to this article:

Dan Sellers's WebLog

where he states:

in ASP.NET 2.0 the timeout value of both persistent and session based cookies are controlled by the timeout attribute on the<forms/>element

So in my example the persistent cookie will expire in 48 hours.

like image 23
cda01 Avatar answered Oct 19 '22 17:10

cda01