Im using forms authentication. I want my application should not logout the user automatically after sometime.
+3
A:
I don't know if you can turn it off completely, but you could try setting a large timeout value in your web config:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="9999" slidingExpiration="true" defaultUrl="~/Default.aspx"/>
</authentication>
Brissles
2010-10-01 14:05:36
+2
A:
You can change the timeout like this:
<system.web>
<authentication mode="Forms">
<forms timeout="99999999"/>
</authentication>
</system.web>
Further config options can be found here.
Make sure your session timeout isn't less than the forms authentication timeout. Otherwise, your users will have a hard time using your site.
You can change the session timeout in the web.config:
<system.web>
<sessionState timeout="999999999" />
<system.web>
Further details can be found here.
It could be a security issue to have someone logged in indefinitely.
Joe R
2010-10-01 14:06:49
What happens if your session timeout is less than the forms authentication timeout? I'd have thought that was a relatively common scenario (eg Stack overflow remembers my login details for days and I doubt ti keeps sessions around that long). You can't rely on all your data being in session but I personally wouldn't anyway most of the time...
Chris
2010-10-01 15:00:47
It's possible that session data is lost while the user is actually logged in and trying to use the site.
Joe R
2010-10-01 15:41:04
I don't know how SO is built but your login will be kept in a cookie... That's how SO remembers your login details.
Joe R
2010-10-01 15:42:49
I'd have thought you'd do bad things to server resources if you kept sessions around for too long. You're right that you might lose data but I'm not sure you should be storing things in session that are critical (I hate things like travel websites where you've done a search and go off to cehck other sites and come back and it tells you that your session timed out so you should start again - absolutely no reason to keep search details in session).
Chris
2010-10-01 16:26:26