9

I'm running a website using ASP.NET 2.0. Every now and then (10+ times per day on 100+ users daily) I receive this error: Forms authentication failed - ticket supplied has expired.

Here's my web.config snippet:

<authentication mode="Forms">
    <forms name=".CLLSAUTH" loginUrl="login.aspx" protection="All" path="/" timeout="60" />
</authentication>

I've looked at several solutions, someone mentioned the session timeout, but it's also 60 minutes in my config. Two more things, I'm not running a webfarm, and the app is not being recycled around the time the error occurs.

Any clues?

edosoft
  • 17,121
  • 25
  • 77
  • 111
  • This is controlled by the recycle of the app pool, session time out and authentication time out. – Aaron Fischer Nov 12 '08 at 17:46
  • 1
    why was this closed as off topic? It is a programming relating question. – Rebecca Nov 15 '10 at 10:52
  • @junto. Uhm. I don't recall. I didn't leave a note at that time (almost 2 years ago) I can reopen I suppose. – edosoft Nov 15 '10 at 12:10
  • @edosoft this is definitely an on topic question. I think it should be reopened. – Brett Jun 27 '12 at 14:08
  • @Brett Ok nominated for re-open. – edosoft Jun 28 '12 at 11:31
  • Related questions: [Forms authentication failed for the request. Reason: The ticket supplied has expired](http://stackoverflow.com/questions/2686324/forms-authentication-failed-for-the-request-reason-the-ticket-supplied-has-exp) and [ASP.NET Forms Authentication failed for the request. Reason: The ticket supplied has expired](http://stackoverflow.com/questions/5266578/asp-net-forms-authentication-failed-for-the-request-reason-the-ticket-supplied) – Owen Blacker Mar 10 '14 at 11:50

1 Answers1

3

I'm not sure what your question is... In this case, when a user has their browser open for more than an hour, their authentication cookie times out. The next time they send a request to the server BAM.

Try adding slidingExpiration="true" to the form element. That way the timeout restarts every time a user hits the server.

This could possibly also be because IIS recycled your worker process. You'd have to check your logs to see if this happened before somebody caused this error.

If your application is running on different servers, there might be an issue with the machine key in the forms authentication cookie being rejected because it's originated on a different server. But it doesn't sound like you're running on a web farm from your question.

Tanveer Badar
  • 5,438
  • 2
  • 27
  • 32
  • 1
    My question is, how to stop this error from occuring. And as clarified I'm not using a webfarm, nor is the IIS worker process recycling. I'll try your slidingExpiration suggestion. Thanks. – edosoft Nov 12 '08 at 18:13