I'm using forms authentication in asp.net.i have set my Authenticate cookie expiration to 60 mins,Session time out to 60 mins in web.config, time out in web.config to 60 mins and also in iis idle time out to 60 mins
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="60" defaultUrl="~/Landing.aspx" slidingExpiration="true"/>
</authentication>
<system.web>
<sessionState timeout="60" mode="InProc"/>
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
2, // Version number
txtUserName.Text.Trim(), // Username
DateTime.Now, // Issue date
DateTime.Now.AddMinutes(60), // Expiration date
false, // Persistent?
userData // User data
);
since i'm using forms authentication if the user is idle for 60 mins user should be redirected to login page after 60 mins.but i need to know what will happen if user is not idle for 60 mins.does the authenticate cookie will expire? despite the fact that user is still authenticated?
EDIT
i missed one more thing i have set Application Pool Identity in IIS to Network Service
Yes the user will still expire, and he/she will not be authorized to use resources available on the server. You are using Forms Authentication Cookie, which is a simple container for the FormsAuthentication Ticket.
Because your ticket is non-persistent, this will cause your "cookie" to expire which will redirect the user to the LOGIN PAGE. Note this handles "authentication" only, and not to be confused with Session.
You may have Session "expire", but the user is still authenticated, and that could be a problem.
So to answer your question directly, the "User authentication" will expire, and he/she will be redirected to Login page, to which a new cookie will be created on Login, that will create another "Session" object. Overtime the previous one will expire.
Advice: Make Forms Timeout in "Web.config" smaller than Session. Don't build a dependency on Session for any Auth/Security related; the two are different containers and should be treated as such.
Better you read the links below. It'll be faster for you. take a look at slidingExpiration
The expiration is refreshed on each request before half time of expiration.
Understanding the Forms Authentication Ticket and Cookie and forms Element
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.