ASP.NET Forms Authentication cookie does not expire
I am having a problem with a site where I am using ASP.NET SQL Member Provider. Everything works correctly the first time you log in. Ie, the user is directed to the login page and after successful login, they are sent the original page they requested.
However, after closing the browser and reopening it, the authentication cookie still exists. They can go straight to any page that requires authentication without logging in.
I have another site where I use the same membership provider and it behaves differently. When I check the cookies in Firefox, the site with the problem has "Expires: Monday, April 26, 2010 2:23:50 AM" "The site that is working correctly has" Expires: at the end of session ".
The expiration time parameter is the same for both sites:
authentication mode="Forms" forms name=".MySite" protection="All" path="/" loginUrl="mySite/login.aspx" slidingExpiration="true" timeout="30" requireSSL="false" authentication
(I removed the item separators in the above code link as it messed up the editor)
Ultimately, I want the timeout to be 30 minutes, but I also want the cookie to expire when the user closes the browser. I don't want him to sit in the car for 30 minutes. This is how it works on another site I'm working on and I'm not sure what the difference is.
source to share