Forms Authentication Timeout vs Session Timeout

by
  1. To be on the safe side: TimeOut(Session) <= TimeOut(FormsAuthentication) * 2
  2. If you want to show page other than specified in loginUrl attribute after authentication timeout you need to handle this manually as ASP.NET does not provide a way of doing it.

To achieve #2 you can manually check the cookie and its AuthenticationTicket for expiration and redirect to your custom page if they have expired.
You can do in it in one of the events: AcquireRequestState, AuthenticateRequest.

Sample code in the event can look like:

// Retrieve AuthenticationCookie
var cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (cookie == null) return;
FormsAuthenticationTicket ticket = null;
try {
    ticket = FormsAuthentication.Decrypt(cookie.Value);
} catch (Exception decryptError) {
    // Handle properly
}
if (ticket == null) return; // Not authorised
if (ticket.Expiration > DateTime.Now) {
    Response.Redirect("SessionExpiredPage.aspx"); // Or do other stuff here
}

More Related Contents:

  1. Session timeout in ASP.NET
  2. Replacing ASP.Net’s session entirely
  3. What should I do if the current ASP.NET session is null?
  4. ASP.NET: Session.SessionID changes between requests
  5. Forms authentication timeout vs sessionState timeout
  6. Losing Session State
  7. Close/kill the session when the browser or tab is closed
  8. Chrome localhost cookie not being set
  9. Can we use multiple forms in a web page?
  10. How can I share a session across multiple subdomains in ASP.NET?
  11. What is the difference between Session.Abandon() and Session.Clear()
  12. ASP.NET session state provider in Azure [closed]
  13. Passing session data between ASP.NET Applications
  14. In ASP.NET, when should I use Session.Clear() rather than Session.Abandon()?
  15. ASP.NET Stress Testing
  16. ASP.net session request queuing
  17. ASP.NET MVC – Session is null
  18. asp.net cookies, authentication and session timeouts
  19. ASP.NET: How to access Session from handler? [duplicate]
  20. Stopping onclick from firing when onclientclick is false?
  21. Session lock causes ASP.Net websites to be slow
  22. Asp.Net Session is null in ashx file
  23. ASP.NET Why are sessions timing out, sessionstate timeout set
  24. What is the maximum size a session variable can hold?
  25. Cache VS Session VS cookies?
  26. IIS Session Timeout vs ASP.NET Session Timeout
  27. asp.net session variables on Session_End
  28. ASP.NET Session Cookies – specifying the base domain
  29. How to use gmail SMTP in ASP.NET form
  30. Session_End does not fire?

Leave a Comment