Forms authentication timeout vs sessionState timeout
2017-11-10 10:44
609 查看
https://stackoverflow.com/questions/17812994/forms-authentication-timeout-vs-sessionstate-timeout
They are different things. The Forms Authentication Timeout value sets the amount of time in minutes that the authentication cookie is set to be valid, meaning, that after
The
https://stackoverflow.com/questions/1470777/forms-authentication-timeout-vs-session-timeout
To be on the safe side: TimeOut(Session) <= TimeOut(FormsAuthentication) * 2
If you want to show page other than specified in loginUrl attribute after authentication timeout you need to handle this manually as ASP.NET does not provide a way of doing it.
They are different things. The Forms Authentication Timeout value sets the amount of time in minutes that the authentication cookie is set to be valid, meaning, that after
valuenumber of minutes, the cookie will expire and the user will no longer be authenticated - they will be redirected to the login page automatically-. The
slidingExpiration=truevalue is basically saying that after every request made, the timer is reset and as long as the user makes a request within the timeout value, they will continue to be authenticated. If you set
slidingExpiration=falsethe authentication cookie will expire after
valuenumber of minutes regardless of whether the user makes a request within the timeout value or not.
The
SessionStatetimeout value sets the amount of time a Session State provider is required to hold data in memory (or whatever backing store is being used, SQL Server, OutOfProc, etc) for a particular session. For example, if you put an object in Session using the value in your example, this data will be removed after 30 minutes. The user may still be authenticated but the data in the Session may no longer be present. The
Session Timeoutvalue is always reset after every request.
<authentication mode="Forms"> <forms loginUrl="CMSPages/logon.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH_cms6000" timeout="1440" slidingExpiration="true" path="/"/> </authentication>
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20" />
https://stackoverflow.com/questions/1470777/forms-authentication-timeout-vs-session-timeout
To be on the safe side: TimeOut(Session) <= TimeOut(FormsAuthentication) * 2
If you want to show page other than specified in loginUrl attribute after authentication timeout you need to handle this manually as ASP.NET does not provide a way of doing it.
相关文章推荐
- Forms Authentication Timeout vs Session Timeout
- Caution with using asp.net session timeout and FormsAuthentication timeout together
- .net的FormsAuthenticationTicket session、cookies验证用户信息用法的区别 推荐
- ViewState VS. Session
- Handling session and authentication timeouts in ASP.Net
- ASP.NET Session and Forms Authentication and Session Fixation
- Session-based Authentication VS Token-based Authentication
- Forms Authentication timeout and Expiration
- viewstate与Session的区别
- 一起谈.NET技术,Application、Session、Cookie、ViewState、Cache、Hidden的区别
- FormsAuthentication.SetAuthCookie
- asp.net状态保持viewstate,session,cookie,application
- Using Forms Authentication in ASP.NET - Part 1
- ASP.NET SessionState 解惑
- FormsAuthentication.GetRedirectUrl 方法
- Cache,ViewState,Session,Application,Static变量
- Application,Session,Cookie和ViewState等对象用法和区别
- Application Session Cookie ViewState Cache
- [转]ASP.NET HttpModule for handling session end with StateServer
- Session Timeouts Causes and Remedies