Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Windows 2003 Server, Web Farm, Forms Authentication, SlidingExpiration

Reply
Thread Tools

Windows 2003 Server, Web Farm, Forms Authentication, SlidingExpiration

 
 
rmgalante@galaware.com
Guest
Posts: n/a
 
      10-04-2007
I have a web farm with 3 machines running windows 2003 server. I am
running an asp.net 2.0 application that uses forms authentication. My
authentication cookie uses sliding expiration and has a timeout of 15
minutes. My session has a timeout of 20 minutes. Session state is
maintained in a Sql Server 2005 database.

My site works with anonymous and authenticated users. Anonymous users
can search for information and purchase products. Authenticated users
are administrators that configure the database with an administrative
menu of scripts.

My web.config has the following configuration in web.config.

<authentication mode="Forms">
<forms cookieless="AutoDetect" slidingExpiration="true" timeout="15"/
>

</authentication>

I thought that as long as the authenticated user is viewing pages, the
sliding expiration will keep resetting the authentication cookie's
timeout. The admin section uses meta tags in the header of each page
that refresh at 19.5 minutes intervals (0.5 minutes before the session
timeout). This way I can log the user out before the one session
variable I use for UserId gets deleted.

But I am seeing the anonymous users getting redirected to the login
page. These pages do not have the refresh meta tag. And the users are
not logged in. Why are they getting redirected to the Login page.

Is it possible that an administrative user who logs out still has a
cookie in their browser? And if that administrative user surfs the
site as an anonymous user afterwards, the cookie is still detected,
and it expires in 15 minutes?

I need to get to the bottom of this issue. I can't have anonymous
users redirected to a login page.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Changing slidingExpiration at runtime milop ASP .Net 0 03-24-2008 03:06 PM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
slidingExpiration broken Arne ASP .Net Security 0 04-11-2005 08:37 PM
problem with slidingExpiration Alessandro Zucchi ASP .Net Security 4 03-09-2005 10:13 AM
Web Forms VS Windows Forms Brendan Miller ASP .Net 2 08-11-2003 09:05 PM



Advertisments