[Mono-devel-list] FormsAuthenticationTicket expiration

jpease at twcny.rr.com jpease at twcny.rr.com
Mon Aug 16 15:58:27 EDT 2004

I am developing an asp.net application that requires that authenticated users timeout after some fixed amount of inactivity.  Using forms authentication, when the expiration date/time is reached for a FormsAuthenticationTicket, it appears that a new ticket is being generated and sent.  As far as I know and would assume, expiration of the auth ticket should result in a redirect to the login page, or should at least show as being expired.  I think this may be a bug.

This can be regenerated with the authtest code (from xsp source) by adding a timeout to the <forms> section in the web.config.  Using a quick timeout, authenticate and sit inactive at the index.aspx page.  After the ticket should have expired, a refresh results in an updated ticket and no redirect.

Any help is appreciated :-)

More information about the Mono-devel-list mailing list