[Mono-devel-list] FormsAuthenticationTicket expiration

Gonzalo Paniagua Javier gonzalo at ximian.com
Tue Aug 17 12:38:48 EDT 2004

On Mon, 2004-08-16 at 15:58, jpease at twcny.rr.com wrote:
> I am developing an asp.net application that requires that
> authenticated users timeout after some fixed amount of inactivity. 
> Using forms authentication, when the expiration date/time is reached
> for a FormsAuthenticationTicket, it appears that a new ticket is being
> generated and sent.  As far as I know and would assume, expiration of
> the auth ticket should result in a redirect to the login page, or
> should at least show as being expired.  I think this may be a bug.
> This can be regenerated with the authtest code (from xsp source) by
> adding a timeout to the <forms> section in the web.config.  Using a
> quick timeout, authenticate and sit inactive at the index.aspx page. 
> After the ticket should have expired, a refresh results in an updated
> ticket and no redirect.

Can you file a bug report for this with detailed instructions on how to
reproduce the problem?



More information about the Mono-devel-list mailing list