expiration date in newly created authentication ticket (asp.net forms auth)

Question

i am using asp.net forms authentication and the asp.net Login control. the login control has a "RememberMe" checkbox.

after the user is authenticated it raises the LoggedIn(object sender, EventArgs e) method and inside this method i am viewing the authentication cookie created by using this

HttpCookie authCookie = FormsAuthentication.GetAuthCookie(userName, true);

when i check the authCookie.Expires value i expect it to be 30 minutes when RememberMe is not checked and 50 years when RememberMe is checked (these are the defaults according to MS documentation)

but whether or not i check RememberMe it's always 30 minutes. i checked my web.config and i don't have anything set for the "timeout" field so i'm not sure why this is happening. any ideas?

Answer 1

this is pretty confusing but it looks like i have to set both the "timeout" and "slidingExpiration" in my web.config under the authentication/forms section to get the RememberMe part to work correctly

i have it set like so and everything is working as expected

slidingExpiration="true" timeout="5120"

rick strahl's blog helped me find the answer http://www.west-wind.com/WebLog/posts/157861.aspx