Last post Nov 02, 2014 10:18 PM by Rion Williams
Oct 24, 2012 12:14 PM|thongbk|LINK
I have a Windows Live Application and it use login.live.com to login or logout my app. When I login with login.live.com url for short time then I logout but I can't relogin after I logout .
If I closed the browser then launched it again or logined for along time, I can relogin successfully. I know the live window cookie is problem but I can't find the solution for this problem
Nov 02, 2014 10:18 PM|Rion Williams|LINK
Depending on how you have configured your application, you could check what the specific timeout for your authentication cookie is. There are quite a few ways to set timeouts within .NET (Session Timeouts, Forms Authentication Timeouts and IIS-related
Timeouts) so a few things could be going wrong here so I'll address the two that might most likely relate to your issue : Forms Authentication and IIS Idle Timeouts.
Setting the Forms Authentication Timeout within your web.config (may not be applicable)
You can adjust the specific timeout property of your Forms Authentication in your application by adjusting the timeout property within the <authentication> element of your web.config file. You will also want to be mindful that if you are using the slidingExpiration
property in conjunction with timeouts as they can actually expire much earlier than the timeout listed.
<authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" timeout="yourTimeoutInMinutes"></forms> </authentication>
So if you wanted to extend the amount that the authentication token stays "alive" for to say 60 minutes (an hour), you would set it as seen below :
<authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" timeout="60"></forms> </authentication>
However, if you are using the slidingExpiration property, the authentication token can expire when half of the timeout duration has elapsed. So you'll likely want to double your timeout value if you are using it :
<authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="~/Login.aspx" timeout="120" slidingExpiration="true"></forms> </authentication>
Setting the Application IdleTimeout property within IIS
You may need to check what your timeout is configured for within IIS, as this timeout will override the timeouts defined in your web.config.
Within IIS there is a setting called Idle Timeout, which defaults at 20 minutes. This could explain your early timeout issue and you may want to consider adjusting this property within IIS. Based on your issue, this could likely be the culprit :
Scott Hanselman also addresses strange issues that can occur when dealing with timeouts when using Forms Authentication in this blog post as