Specifying ASP.NET Forms Authentication Timeout in Code

Microsoft’s Forms Authentication is the preferred mechanism to get login and security up-and-running on ASP.NET applications. In fact, it comes enabled by default in ASP.NET MVC projects.

Typically, you’d configure the timeout via IIS, or by directly editing the web.config for the application.

<!-- Example Web Config --> <authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="Login.aspx" protection="All" timeout="1" path="/" slidingExpiration="true" /> </authentication> 

By default, your MVC application calls FormsAuthentication.SetAuthCookie(), which sets a cookie using the timeout declared in your web.config file. This is good for setting a default timeout, but there may...

Continue reading