Specifying ASP.NET Forms Authentication Timeout in Code
Microsoft’s Forms Authentication is the preferred mechanism to get login and security up-and-running on ASP.NET applications. In fact, it comes enabled by default in ASP.NET MVC projects.
Typically, you’d configure the timeout via IIS, or by directly editing the web.config
for the application.
<!-- Example Web Config -->
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="Login.aspx" protection="All" timeout="1" path="/" slidingExpiration="true" />
</authentication>
By default, your MVC application calls FormsAuthentication.SetAuthCookie()
, which sets a cookie using the timeout declared in your web.config
file. This is good for setting a default timeout, but there may be certain cases where you’d like a longer timeout per user role or some other criteria.
In these cases, you can use a FormsAuthenticationTicket
object to specify your own expiration date, as shown...