Setting auth cookie timeout length based on role in ASP.NET

Question

I want to allow admins to be logged in for longer than normal users. I don't see a hook for setting the cookie timeout programmatically or in a role-based way. Is this possible in ASP using Forms Authentication?

Thank you in advance.

Answer 1

Yes, you could do that. You would need to generate the authentication ticket manually instead of letting the framework generate it automatically.

Depending the user role, the expiration you assign to the ticket.

Here you have a tutorial about how to generate the ticket manually.

http://msdn.microsoft.com/en-us/library/system.web.security.formsauthenticationticket.aspx

Answer 2

SNIPPET:

     switch Role: 
     Case A: VARIABLE X = Y; BREAK;
     CASE B: VARIABLE X = Y2; BREAK;
     ..

     End switch

     FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1, // Ticket version
        Username.Value, // Username associated with ticket
        DateTime.Now, // Date/time issued
        DateTime.Now.AddMinutes(VARIABLE X), // Date/time to expire
        true, // "true" for a persistent user cookie
        reader.GetString(0), // User-data, in this case the roles
        FormsAuthentication.FormsCookiePath);// Path cookie valid for

     // Encrypt the cookie using the machine key for secure transport
     string hash = FormsAuthentication.Encrypt(ticket);
     HttpCookie cookie = new HttpCookie(
        FormsAuthentication.FormsCookieName, // Name of auth cookie
        hash); // Hashed ticket

     // Set the cookie's expiration time to the tickets expiration time
     if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;