Help! Why do my IE users get randomly logged off?

Question

ASP.NET MVC 2.0, here's my auth code:

[AcceptVerbs(HttpVerbs.Post)]
public ActionResult Login(string username, string password, string returnUrl) {
    if (ModelState.IsValid) {
        // Attempt to login
        var loginSuccessful = provider.ValidateUser(username, password);

        if (loginSuccessful) {
            FormsAuthentication.SetAuthCookie(username, true);
            if (!String.IsNullOrEmpty(returnUrl))
                return Redirect(returnUrl);


            return RedirectToAction("Index", "Home");

        }
    }
    return View(Language + "/Login", Vd);
}

Pretty much straight default authentication. Works fine for logging in. However, IE users get auto logged off randomly, even while they're active on the site. Other browsers work fine. Here's the forms auth from web.config:

<authentication mode="Forms">
    <forms loginUrl="~/en/Account/Login" timeout="2880"/>
</authentication>

Where do I begin to look in this case? Have I found a bug?

Answer 1

As far as I can see everything seems fine, however, could your issue be something to do with your use of a persistent cookie? I think persistent cookies are not meant to timeout, which is why you might be using them.

Try using a non-persistent one instead, and see if that works:

FormsAuthentication.SetAuthCookie(username, false);

Also, a few others notes of interest:

• I think that the timeout attribute in a web.config is specified in minutes. You've specified more than 2000 minutes.
• By default, sliding expiration is disabled, so after n minutes it will timeout anyway. If this isn't what you want, then add a slidingExpiration="true" entry onto your <forms/> element in the web.config.

Answer 2

What kind of session mode are you using-in process or out of process? If you are using in process with non-persistent cookie and the application pool recycles, then session is lost.