0

I had implemented custom asp.net authentication and added all the required attributes even then the user are signout frequently.

I had hosted this website on shared godaddy server.

Here is my code:

var ticket = new FormsAuthenticationTicket(2, auth.Message.ToString(), DateTime.Now, DateTime.Now.AddDays(3), true,
                                           string.Empty, FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        {
            Domain = FormsAuthentication.CookieDomain,
            Expires = DateTime.Now.AddYears(50),
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath
        };
        Response.Cookies.Add(cookie);
        Response.Redirect(FormsAuthentication.GetRedirectUrl(auth.Message.ToString(), true));

My Web.config has these values:

<authentication mode="Forms">
  <forms requireSSL="false" timeout="120" loginUrl="~/CRM/Logon.aspx" defaultUrl="~/CRM/OTP.aspx" />
</authentication>

My users are complaining that they are logged off around 10-20 minutes

Any help is appreciated.

EDIT

I had removed requireSSL="false" timeout="120" and even then no effect.

I am not using session as well

Moons
  • 3,833
  • 4
  • 49
  • 82
  • It sounds like a Session timeout is causing your authentication to timeout as well (or at least it's causing your users to *think* they've been logged out). [Session timeout defaults to 20 minutes](http://stackoverflow.com/questions/871839/what-is-default-session-timeout-in-asp-net). Is your app dependent on Session variables? – Josh Darnell Nov 12 '13 at 20:40

1 Answers1

0

The problem is we need to specify Application Pool Idle timeout also to make the above conditions works.

Moons
  • 3,833
  • 4
  • 49
  • 82