ASPXAUTH Cookie Expiring

Question

I have a page withing my app that is built entirely on jQuery AJAX. All fine and dandy, user experience is lovely, but an issue which I have been unable to fix is session timeout.

Despite various attempts to add a "heartbeat" (including posting to a custom http handler that updates a session variable and loading a blank page to an iframe to ensure the page lifecycle completes) I still religiously get an authentication error.

As far as I can tell the ASPXAUTH cookie is not being updated as I would hope, the timeout period elapses and then I get my error. The next time my "heatbeat" fires however the server gives me a new cookie and then I'm fine until the next timeout.

Any insight would be greatly appreciated.

Thanks in advance.

Answer 1

If the ASP.NET process ends (I believe the default is for the process to end after 10 minutes of inactivity) and you haven't set explicit authentication settings for the site, you will see this.

You can address it by either increasing the idle timeout in IIS (instructions for IIS7 / Windows 2008) or by setting a machineKey in the web.config file. A pretty thorough answer on what machineKey does can be found here and a generator for the machineKey section can be found at http://aspnetresources.com/tools/machineKey.

Answer 2

I remember long time ago facing some issues with login expiration (which is different from session time out in ASP.Net) The issue was because I was creating a custom auth cookie and not using the standard redirect methods. Are you doing something similar? If so, you might have to update the cookie by hand and not simply rely on the sliding expiration magic.

In order for the community to help, I think that you should update your post with the following:

• Section config for forms auth
• Section config for session
• Code used for login