The basic idea is to have your authentication cookie and your session expire at the same time. ASP.NET's automatic behaviour is then to take you back to the defined login page. The "slidingExpiration" attribute on the auth cookie needs to be 'true' to keep extending its life while the session is active.
<system.web>
  <!-- Session idle timeout, in minutes -->
  <sessionState mode="InProc" cookieless="false" timeout="20" />
  <authentication mode="Forms">
    <!-- Auth cookie timeout matches the session timeout above -->
    <forms name=".SAMPLESITEAUTH" loginUrl="~/Login.aspx" protection="All" timeout="20" slidingExpiration="true" path="/" cookieless="UseCookies" />
  </authentication>
</system.web>
The slidingExpiration on your cookie doesn't work the way you hope. ASP.NET won't refresh the expiry on the cookie with every request; rather it does that only once every half-the-value-of-timeout minutes. I.e. if you set timeout="20", it only refreshes the cookie every ten minutes.
Monday, August 9, 2010
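A small Python model of the two timers discussed above, added here as an illustration (it is not code from the original post or from ASP.NET). The function names and request timelines are constructed, and the renewal rule is the one stated above: the session slides on every request, while the ticket is reissued only once half of the timeout has elapsed.

```python
# Added model of the timing only; not ASP.NET source code.
# All times are minutes since login (ticket issued and session started at t=0).

def simulate(requests, timeout=20):
    """Replay request times against both timers.

    Returns a list of (minute, auth_ok, session_ok, ticket_expires).
    Stops at the first request rejected by forms authentication, because
    the user is redirected to loginUrl at that point.
    """
    issued, expires = 0, timeout   # forms ticket lifetime
    last_seen = 0                  # session idle timer
    out = []
    for t in requests:
        # Session state: idle timer is reset by every request.
        session_ok = (t - last_seen) <= timeout
        last_seen = t
        # Forms ticket: valid until its fixed expiry...
        auth_ok = t < expires
        # ...and reissued only when elapsed time has reached remaining time.
        if auth_ok and (t - issued) >= (expires - t):
            issued, expires = t, t + timeout
        out.append((t, auth_ok, session_ok, expires))
        if not auth_ok:
            break
    return out


def first_mismatch(requests, timeout=20):
    """Minute at which the ticket has expired but the session is still alive."""
    for t, auth_ok, session_ok, _ in simulate(requests, timeout):
        if session_ok and not auth_ok:
            return t
    return None


if __name__ == "__main__":
    # Constructed timelines: a request in the first half of the window does
    # not extend the ticket, so 12 minutes of idle time ends the login.
    for timeline in ([9, 21], [12, 25]):
        print(timeline, simulate(timeline), first_mismatch(timeline))
```

With timeout="20", a request at minute 9 leaves the ticket expiring at minute 20, so the request at minute 21 is sent to the login page even though the session is still alive.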