Increase ASP.NET Authentication / Membership-Cookie Timeout

The default forms authentication timeout value is 30 minutes. The easiest way to increase the ASP.NET membership cookie timeout is to set the timeout attribute in the web.config:

    <authentication mode="Forms">
        <forms name="ApplicationLogin" loginUrl="Login.aspx" path="/" protection="All" timeout="10080">
        </forms>
    </authentication>

timeout="10080" is measured in minutes, meaning we have a timeout of 10080 minutes here.

If you don’t want to set the forms timeout value that high, you have to give up on the standard login controls supplied with ASP.NET 2.0. Here’s what you have to do:

1) Create a custom login page, e.g. Login.aspx. This is just an example:

    <asp:Panel ID="Panel1" runat="server" DefaultButton="Button1">
        <div align="center">
            User: <br />
            <asp:TextBox ID="TextUser" runat="server"></asp:TextBox>
            <br />
            Password:<br />
            <asp:TextBox ID="TextPass" runat="server" TextMode="Password"></asp:TextBox>
            <br />
            <asp:CheckBox ID="CheckBox1" runat="server" Checked="True" />
            <asp:Button ID="Button1" runat="server" Text="Login" OnClick="Button1_Click" /><br /><br />
            <asp:Literal ID="Literal1" runat="server"></asp:Literal>
        </div>
    </asp:Panel>

2) Create a new class auth.cs and add the following:

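    using System;
    using System.Web;
    using System.Web.Security;

    public static class auth
    {
        // Validates the credentials against the configured membership provider.
        public static bool CheckLogins(string UserName, string Password)
        {
            return Membership.ValidateUser(UserName, Password);
        }

        // Issues a forms authentication ticket that expires at CookieTime.
        public static bool CreateTicket(string UserName, bool StayLoggedIn, string Type, DateTime CookieTime)
        {
            FormsAuthentication.Initialize();

            // Create a new ticket used for authentication
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, UserName, DateTime.Now, CookieTime, StayLoggedIn, Type, FormsAuthentication.FormsCookiePath);

            // "hash" holds the encrypted and signed ticket (protection="All")
            string hash = FormsAuthentication.Encrypt(ticket);
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);

            // Keep the ticket away from client script and honor requireSSL,
            // as FormsAuthentication.SetAuthCookie does for its own cookies
            cookie.HttpOnly = true;
            cookie.Secure = FormsAuthentication.RequireSSL;

            // Only a persistent ticket gets an expiry date; otherwise it is a session cookie
            if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;

            HttpContext.Current.Response.Cookies.Add(cookie);

            return true;
        }
    }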

3) Now insert this into the button click event routine of Login.aspx:

    protected void Button1_Click(object sender, EventArgs e)
    {
        // Issue the long-lived ticket only after the credentials were validated
        if (auth.CheckLogins(TextUser.Text, TextPass.Text))
        {
            auth.CreateTicket(TextUser.Text, CheckBox1.Checked, "Regged", DateTime.Now.AddDays(350));
        }
    }

Note: "Regged" indicates the user role in this case. The cookie you just added has a timeout of 350 days. This is just a rough example; of course you still have to add some kind of notice if the login failed, and so on.
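A ticket that stays valid for 350 days is accepted until it expires, even after the account is locked or the password is changed. The following Global.asax.cs sketch is an added example, not code from the original post: it re-checks the membership account on every authenticated request and exposes the role stored in the ticket's UserData. It assumes `slidingExpiration="false"` on the `<forms>` element, so that the ticket's IssueDate is the login time; the class name `Global` and the helper `IsTicketStillAcceptable` are hypothetical.

```csharp
// Global.asax.cs: added example, not part of the original post.
// Assumes <forms ... slidingExpiration="false">, so ticket.IssueDate is the login time.
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Runs after FormsAuthenticationModule has validated the cookie and set Context.User.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        if (Context.User == null) return;

        FormsIdentity identity = Context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        FormsAuthenticationTicket ticket = identity.Ticket;
        if (!IsTicketStillAcceptable(ticket))
        {
            // Expire the cookie and continue as anonymous; URL authorization
            // then sends requests for protected pages to loginUrl.
            FormsAuthentication.SignOut();
            Context.User = new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);
            return;
        }

        // The post stores the role ("Regged") in UserData; expose it as a role
        // so that User.IsInRole("Regged") and <allow roles="Regged" /> work.
        Context.User = new GenericPrincipal(identity, new string[] { ticket.UserData });
    }

    // Hypothetical helper: re-checks the account behind a long-lived ticket.
    private static bool IsTicketStillAcceptable(FormsAuthenticationTicket ticket)
    {
        // false: do not update the user's LastActivityDate on every request
        MembershipUser user = Membership.GetUser(ticket.Name, false);
        if (user == null || !user.IsApproved || user.IsLockedOut) return false;

        // Tickets issued before the last password change are treated as revoked.
        // Both values are local time.
        return ticket.IssueDate >= user.LastPasswordChangedDate;
    }
}
```

Membership.GetUser queries the provider on every authenticated request, so cache the result briefly on busy sites. A user who changes their password has to log in again, because their current ticket predates the change.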

4 comments ↓

#1 Rajesh on 02.28.08 at 10:43 am

Hi,
Thanks for good article.
Keep it up.

#2 Fazal Abbas on 05.10.08 at 12:22 am

Good job. Thanks for helping.

Abbas

#3 Silverlight, WCF, Membership, Forms Authentication and Windows Live ID « Developer Flotsam on 08.13.08 at 3:17 am

[…] to Andreas Kraus for the FormsAuthenticationTicket […]

#4 Demo : Authentification Windows Live ID et Silverlight | Blog in the Cloud on 12.22.08 at 2:28 pm

[…] creating a cookie (createTicket) […]
