forms authentication - no logout

Question

Usually I have:

<authentication mode="Forms">
<forms loginUrl="Login.aspx"
   timeout="30"
   slidingExpiration="true"
</authentication>

which (IMHO) means that the cookie expires after 30 minutes of inactivity - sliding expiration means that any activity sets the cookie's expiry time back to 30 minutes.

Now I have the requirement that I would like the cookie to be stored indefinately, unless the user logs out explicitly. This means, that even if the browser is closed and reopened and the user goes to a side that requires authentication, no login is required. Is this possible?

Possible duplicate of http://stackoverflow.com/questions/549/the-definitive-guide-to-forms-based-website-authentication#477579 — nunespascal, Feb 28 '13 at 10:50

score 1 · Accepted Answer · answered Feb 28 '13 at 10:42

1

What you describe sounds equivalent to forcing the remember me checkbox to always be checked. To achieve that, go to your your Login action, and do the following:

FormsAuthentication.SetAuthCookie(username, true);

answered Feb 28 '13 at 10:42

Daniel Liuzzi

16,807
8
52
57

Thanks. I think that's it. I always thought that is remember me as in maintain login form's data. – cs0815 Feb 28 '13 at 10:50
The timeout will still be respected, however. You could change it to `525949` (one year), or something, too. – Grant Thomas Feb 28 '13 at 11:37

score 0 · Answer 2 · answered Feb 28 '13 at 10:41

0

use SetAuthCookie method. SetAuthCookie

FormsAuthentication.SetAuthCookie(UserID, false); // not persisting cookie accross the browser session.

FormsAuthentication.SignOut().// for signout

answered Feb 28 '13 at 10:41

Ravi Gadag

15,735
5
57
83

forms authentication - no logout

2 Answers2