I am creating some "Remember Me" functionality as part of logging in.
When I create a persistent cookie during the login process with the following:
FormsAuthentication.SetAuthCookie("someusername", true);
And my Web.Config looks as follows:
<authentication mode="Forms">
<forms loginUrl="~/sign-in" timeout="2880" />
</authentication>
How long will the cookie be valid for before the user will be asked to provide their login details again? Also, Is there/What is the default length of time used when setting a persistent cookie?
The SetAuthCookie method adds a forms-authentication ticket to either the cookies collection or the URL if CookiesSupported is false . The forms-authentication ticket supplies forms-authentication information to the next request made by the browser.
Remarks. The FormsCookieName property value is set in the configuration file for an ASP.NET application by using the name attribute of the forms configuration element. The FormsCookieName is used to reference the cookie that stores the FormsAuthenticationTicket information.
Persistent Cookies: Persistent Cookies are Permanent Cookies stored as a text file in the hard disk of the computer. Non-Persistent Cookies: Non-Persistent cookies are temporary. They are also called in-memory cookies and session-based cookies.
You first need to Clear the Authentication Cookie and Session Cookie by passing back empty cookies in the Response to the Logout. public ActionResult LogOff() { FormsAuthentication. SignOut(); Session. Clear(); // This may not be needed -- but can't hurt Session.
timeout
is mentioned in your authentication
module as:
<forms loginUrl="~/sign-in" timeout="2880" />
timeout="2880". This 2880 value is given in minutes. So if you divide 2880 by 60, you get 48 hours which is answer to your question. Users will have to provide their login credentials again after 48 hours period expires.
Hope it helps.
I found the answer I was looking for thanks to this article:
Dan Sellers's WebLog
where he states:
in ASP.NET 2.0 the timeout value of both persistent and session based cookies are controlled by the timeout attribute on the
<forms/>
element
So in my example the persistent cookie will expire in 48 hours.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With