In my ASP.NET website I am using ASP.NET forms authentication with the following configuration:
    <authentication mode="Forms">
      <forms loginUrl="~/Pages/Common/Login.aspx"
             defaultUrl="~/Pages/index.aspx"
             protection="All"
             timeout="30"
             name="MyAuthCookie"
             path="/"
             requireSSL="false"
             cookieless="UseDeviceProfile"
             enableCrossAppRedirects="false">
      </forms>
    </authentication>
I have the following questions:
1. What should the timeout value for the session be, because I am using sliding expiration inside forms authentication, due to which the session will expire before forms authentication. How can I protect it?
2. After forms authentication logout I would like to redirect the page to logout.aspx, but it automatically redirects me to loginpage.aspx. How is that possible?
To achieve #2 you can manually check the cookie and its AuthenticationTicket for expiration and redirect to your custom page if they have expired.
You can do it in one of the events: AcquireRequestState, AuthenticateRequest.
Sample code in the event can look like:
For sites that have a session dependency, you can simply sign out of a stale authentication with the session start event in the global.asax:
This makes it so that new session = new authentication, period.
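The two approaches from the answers above, combined in one Global.asax.cs as an added example (not code from either answer). The `LogoutUrl` path and the `EndLogin` helper are assumptions, and the sketch assumes the ticket travels in a non-persistent cookie rather than in the URL.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example for Global.asax.cs; names marked "assumption" are not from the page.
public class Global : HttpApplication
{
    // Assumption: this page exists and is readable by anonymous users
    // (for example through a <location> rule in web.config); otherwise
    // forms authentication sends the visitor to loginUrl again.
    private const string LogoutUrl = "~/Pages/Common/Logout.aspx";

    // First answer: inspect the ticket carried inside the forms cookie.
    // A non-persistent cookie is still sent after the ticket's own expiry
    // time has passed, so the expiry has to be read from the ticket.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return;

        FormsAuthenticationTicket ticket = null;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { /* tampered or undecryptable: treat as no ticket */ }

        if (ticket == null || ticket.Expired) EndLogin();
    }

    // Second answer: a new session never inherits an older authentication.
    protected void Session_Start(object sender, EventArgs e)
    {
        if (Request.IsAuthenticated) EndLogin();
    }

    // Assumption: hypothetical helper shared by both handlers.
    private void EndLogin()
    {
        FormsAuthentication.SignOut();   // expires the auth cookie in the response
        string target = VirtualPathUtility.ToAbsolute(LogoutUrl);
        // Skip the redirect when already on the logout page to avoid a loop.
        if (!string.Equals(Request.Path, target, StringComparison.OrdinalIgnoreCase))
            Response.Redirect(LogoutUrl, true);
    }
}
```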