[Mono-devel-list] FormsAuthenticationTicket expiration
Gonzalo Paniagua Javier
gonzalo at ximian.com
Tue Aug 17 12:38:48 EDT 2004
On Mon, 2004-08-16 at 15:58, jpease at twcny.rr.com wrote:
> I am developing an asp.net application that requires that
> authenticated users timeout after some fixed amount of inactivity.
> Using forms authentication, when the expiration date/time is reached
> for a FormsAuthenticationTicket, it appears that a new ticket is being
> generated and sent. As far as I know and would assume, expiration of
> the auth ticket should result in a redirect to the login page, or
> should at least show as being expired. I think this may be a bug.
> This can be regenerated with the authtest code (from xsp source) by
> adding a timeout to the <forms> section in the web.config. Using a
> quick timeout, authenticate and sit inactive at the index.aspx page.
> After the ticket should have expired, a refresh results in an updated
> ticket and no redirect.
Can you file a bug report for this with detailed instructions on how to
reproduce the problem?
More information about the Mono-devel-list