[Mono-devel-list] FormsAuthenticationTicket expiration
jpease at twcny.rr.com
jpease at twcny.rr.com
Mon Aug 16 15:58:27 EDT 2004
I am developing an asp.net application that requires that authenticated users timeout after some fixed amount of inactivity. Using forms authentication, when the expiration date/time is reached for a FormsAuthenticationTicket, it appears that a new ticket is being generated and sent. As far as I know and would assume, expiration of the auth ticket should result in a redirect to the login page, or should at least show as being expired. I think this may be a bug.
This can be regenerated with the authtest code (from xsp source) by adding a timeout to the <forms> section in the web.config. Using a quick timeout, authenticate and sit inactive at the index.aspx page. After the ticket should have expired, a refresh results in an updated ticket and no redirect.
Any help is appreciated :-)
More information about the Mono-devel-list
mailing list