I have a testproject, and the form timeout specified in web.config overrides the timeout that I set in FormsAuthenticationTicket. According to the documentation, the timeout (expiration) in FormsAuthenticationTicket should override the timeout in web.config.
Documentation found at: http://support.microsoft.com/kb/910443 If the ticket is generated manually by using the FormsAuthenticationTicket class, the time-out can be set through the Expiration attribute. This value will override the timeout attribute value specified in configuration files. If the ticket is generated manually by using the FormsAuthenticationTicket class, the time-out can be set through the Expiration attribute. This value will override the timeout attribute value specified in configuration files.
Here is my code:
Web.config:
<authentication mode="Forms"> <forms timeout="1" loginUrl="login.aspx" name="sessionTest" cookieless="UseCookies" defaultUrl="default.aspx" /> </authentication>
Login.aspc.cs:
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(Login1.UserName, false, 2); string encryptedTicket = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket); Response.Cookies.Add(cookie);
Now when I log in, I get a redirect after 1 minute of inactivity. This should not be, right? I should be redirected after 2 minutes.
Can anyone explain this?
source share