I am wondering if there is a way you can setup your .NET application to set and update the expiration time of the aspxauth and asp.net_sessionid cookies in the browser?
From what I see, the cookies' expiration dates are something like 1/1/0001 telling the browser to keep them until the browser closes (I've observed this using Chrome). I'd like to set an explicit time, but, I will need to update that time on every request.
I am attempting to do this with some code like :
var timeoutMins = Session.Timeout;
if (Response.Cookies.Count > 0)
{
foreach (string s in Response.Cookies.AllKeys)
{
if (s == FormsAuthentication.FormsCookieName || s.ToLower() == "asp.net_sessionid")
{
Response.Cookies[s].Expires = DateTime.Now.AddMinutes(timeoutMins);
}
}
}
I tried doing this in the global.asax End_Request event, although this doesn't seem to be a good place since it fires several times per page and you dont have access to the sessionstate timeout; further it only triggers on login and logout, so basically I can set it once but I can never update it. This causes my users to be logged out 15 minutes after login even if they have been active.
It seems like there would be some setting somewhere to tell .net to handle this? I know this is a strange request but it is a security requirement on this project so I'm trying to make it work!