ASP.NET Forms Authentication cookie does not expire

I am having a problem with a site where I am using the ASP.NET SQL Membership Provider. Everything works correctly the first time you log in, i.e., the user is directed to the login page and, after a successful login, they are sent to the original page they requested.

However, after closing the browser and reopening it, the authentication cookie still exists. They can go straight to any page that requires authentication without logging in.

I have another site where I use the same membership provider and it behaves differently. When I check the cookies in Firefox, the site with the problem has "Expires: Monday, April 26, 2010 2:23:50 AM". The site that is working correctly has "Expires: at the end of session".

The expiration time parameter is the same for both sites:


    authentication mode="Forms"
      forms name=".MySite" protection="All" path="/"
             loginUrl="mySite/login.aspx" slidingExpiration="true" timeout="30"   
             requireSSL="false"
    authentication

      

(I removed the item separators in the above code link as it messed up the editor)

Ultimately, I want the timeout to be 30 minutes, but I also want the cookie to expire when the user closes the browser. I don't want it to stick around for 30 minutes. This is how it works on another site I'm working on, and I'm not sure what the difference is.

Thanks -Shane

+2




1 answer


Have you tried setting cookie persistence to false in the code on the login page that writes the cookie?

Example:



    FormsAuthentication.RedirectFromLoginPage(userName, false);

+3
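For a login page that builds the ticket itself instead of calling `RedirectFromLoginPage`, the same session-only behaviour looks like this. It is an added example, not code from the question or the answer. The class name, method names and the `timeout` parameter are assumptions; pass the same value as the `timeout` attribute of the `forms` element (30 minutes on this page).

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper: the name and shape are assumptions, not from the post.
// Call it only after the credentials have been validated, e.g.
//   if (Membership.ValidateUser(userName, password))
//       SessionOnlyFormsAuth.SignIn(Context, userName, TimeSpan.FromMinutes(30));
public static class SessionOnlyFormsAuth
{
    public static HttpCookie CreateCookie(string userName, TimeSpan timeout)
    {
        DateTime issued = DateTime.Now;

        // isPersistent = false: the ticket still expires server-side after
        // 'timeout', and sliding renewal by FormsAuthenticationModule will
        // not add an Expires attribute when it re-issues the cookie.
        var ticket = new FormsAuthenticationTicket(
            1,                                   // ticket version
            userName,
            issued,
            issued.Add(timeout),                 // server-side ticket expiry
            false,                               // isPersistent
            string.Empty,                        // no user data
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                           // not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL;   // follows requireSSL in web.config

        // cookie.Expires is deliberately left unset. Without an Expires value
        // the browser treats this as a session cookie and drops it on close.
        // Setting it (what a persistent login does) produces the dated
        // "Expires: ..." entry seen in the Firefox cookie viewer.
        return cookie;
    }

    public static void SignIn(HttpContext context, string userName, TimeSpan timeout)
    {
        context.Response.Cookies.Add(CreateCookie(userName, timeout));
        // Return the user to the page originally requested (ReturnUrl).
        context.Response.Redirect(FormsAuthentication.GetRedirectUrl(userName, false));
    }
}
```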

