Last post Jul 18, 2018 06:12 PM by mgebhard
Jul 18, 2018 05:58 PM|SS12345|LINK
The users of our website are complaining that they are timing out before 20 minutes , Below are my settings in web.config
<sessionState mode="InProc" cookieless="false" timeout="20" />
<forms name=".ASPXAUTH" loginUrl="~/w/default.aspx?aid=1" timeout="20" slidingExpiration="true"/>
The app pool Idle time out is also 20 Minutes
In the code where we login we have
tkt = new FormsAuthenticationTicket(1, cust_id, DateTime.Now, DateTime.Now.AddMinutes(20), false, "your custom data");
cookiestr = FormsAuthentication.Encrypt(tkt);
ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
ck.Path = FormsAuthentication.FormsCookiePath;
In the Event Viewer we are getting this message
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired.
I am not sure where I am doing wrong. Any help would be greatly appreciated
Jul 18, 2018 06:12 PM|mgebhard|LINK
I'm not sure but the code is a bit confusing. Consider using the standard API rather than rolling your own.
The advantage of using the API is it reads the web.config so you don't have to store duplicate configurations as you're currently doing.
If your environment is load balanced then you'll need to a static machine key across every app. A static machine key might be a good idea anyway if your app is restarting due to a bug or saving files on the bin directly.