  1. Why are my forms authentication tickets expiring so fast?
<p>I'm using forms authentication in an ASP.NET application. I configure the <code>FormsAuthenticationTicket</code> to expire in 1 year but it actually expires after 1 hour or so. I can't figure out why.</p>
<p>Here is all the code involved in the login process:</p>
<pre><code>public static bool Login(int id)
{
    try
    {
        string securityToken = UserHelper.AuthenticateUser(id);
        DateTime expiryDate = DateTime.Now.AddYears(1);

        // Persistent ticket valid for one year; the security token travels in UserData.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, id.ToString(), DateTime.Now, expiryDate, true,
            securityToken, FormsAuthentication.FormsCookiePath);

        string encryptedTicket = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        cookie.Expires = expiryDate; // cookie lifetime matches the ticket
        HttpContext.Current.Response.Cookies.Add(cookie);
        return true;
    }
    catch
    {
        return false;
    }
}
</code></pre>
<p>Web.config:</p>
<pre><code>&lt;system.web&gt;
  &lt;machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate" validation="SHA1" /&gt;
  &lt;compilation debug="true"&gt;
  &lt;authentication mode="Forms"&gt;
    &lt;forms loginUrl="~/Login.aspx" timeout="2880"/&gt;
  &lt;/authentication&gt;
  ...
</code></pre>
<p>Is something wrong with my approach? Why is it expiring so fast?</p>
<p><strong>EDIT</strong></p>
<p>Global.asax code:</p>
<pre><code>protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
    // Only build the principal for page, resource and handler requests.
    if (Request.PhysicalPath.EndsWith(".aspx") ||
        Request.PhysicalPath.EndsWith(".axd") ||
        Request.PhysicalPath.EndsWith(".ashx"))
        SecurityManager.SetPrincipal();
}
</code></pre>
<p>SetPrincipal Code:</p>
<pre><code>public static void SetPrincipal()
{
    ILivrePrincipal principal = null;
    FormsIdentity identity;
    UrlParameters urlParameters = UrlParametersHelper.GetUrlParameters(HttpContext.Current.Request);

    if (HttpContext.Current.Request.IsAuthenticated)
    {
        identity = (FormsIdentity)HttpContext.Current.User.Identity;
        User userProfile;
        // Ticket.UserData carries the security token stored at login.
        urlParameters.SecurityToken = (((FormsIdentity)identity).Ticket).UserData;
        try
        {
            userProfile = UserHelper.GetUser(urlParameters.SecurityToken);
            UserHelper.UpdateLastActiveOn(userProfile);
            principal = new AuthenticatedPrincipal(identity, userProfile);
        }
        catch
        {
            //TODO: Log an exception
            FormsAuthentication.SignOut();
            principal = new AnonymousPrincipal(new GuestIdentity(), UserHelper.GetUser(null));
        }
    }
    else
    {
        principal = new AnonymousPrincipal(new GuestIdentity(), UserHelper.GetUser(null));
    }

    HttpContext.Current.User = principal;
}
</code></pre>