Using Sliding Expiration with Forms Authentication : FormsAuthentication « Authentication Authorization « ASP.NET Tutorial






Forms authentication uses a sliding expiration policy.
As long as a user lets no more than 30 minutes pass without requesting a page, the user continues to be authenticated.
However, if the user does not request a page for 30 minutes, then the user is logged out automatically.

The following web configuration file forces a user to log in again every minute.

File: Web.Config

<configuration>
    <system.web>
      <authentication mode="Forms">
        <forms slidingExpiration="false" timeout="1" />
      </authentication>
    </system.web>
</configuration>








21.10.FormsAuthentication
21.10.1.Configuring Forms Authentication
21.10.2.Use the web configuration file to change the name of the authentication cookie.
21.10.3.Using Cookieless Forms Authentication
21.10.4.Using Sliding Expiration with Forms Authentication
21.10.5.Set user name with FormsAuthentication.SetAuthCookie
21.10.6.Validate a user with FormsAuthentication.Authenticate
21.10.7.Using Forms Authentication Across Domains: Query String Authenticate
21.10.8.Web configuration file contains a list of usernames and passwords.
21.10.9.Assigning a name to the user and accessing next pages
21.10.10.Principal Login
21.10.11.Logout