For the past few months, we’ve had users complaining that their authentication was sometimes expiring early – after only 20 minutes of inactivity, despite the fact that we have authentication timeouts set to 30. I discovered today that SlidingExpiration only resets when there’s less than half of the auth time left, leaving open the possibility of doing something, waiting ten minutes, doing something else, waiting 21 minutes, and getting an ‘early’ timeout.
Are there any potential downsides to doing something like this in my Master Page’s Page_Load?
    if (CurrentUser != null) {
        FormsAuthentication.SetAuthCookie(CurrentUser.UserName, false);
    }
…and thus resetting the sliding expiration with every request?
Edit:
This code is what I wound up using; it only resets the token once per minute.
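    // Reissue the auth cookie at most once per minute, and only while the ticket is still valid.
    var cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (cookie != null && !string.IsNullOrEmpty(cookie.Value)) {   // no cookie on anonymous requests
        var ticket = FormsAuthentication.Decrypt(cookie.Value);
        if (ticket != null && ticket.IssueDate.AddMinutes(1) < DateTime.Now && ticket.IssueDate.AddMinutes(30) > DateTime.Now) {
            FormsAuthentication.SetAuthCookie(currentUser.UserName, false);
        }
    }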
The biggest downside is that it will disable caching, e.g. <%@ OutputCache %> directives will no longer function correctly. So you might start seeing a performance hit due to cache misses.
If you’re able to, the easiest thing to do would be to bump the expiration timeout.
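The throttled renewal from the question's edit, as an added example that is not part of the original posts: it reissues the ticket itself rather than calling SetAuthCookie, so the ticket's UserData, persistence flag and cookie attributes carry over. The class and method names are hypothetical, and it assumes it is called from Application_PostAuthenticateRequest in Global.asax.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example; TicketRenewal, ShouldRenew and RenewIfDue are hypothetical names.
public static class TicketRenewal
{
    // Built-in sliding expiration reissues only once more than half the lifetime
    // has elapsed. This rule reissues as soon as the ticket is minAge old, so
    // the idle window stays close to the full timeout without a Set-Cookie on
    // every response.
    public static bool ShouldRenew(DateTime issued, DateTime expires, DateTime now, TimeSpan minAge)
    {
        return now < expires && now - issued >= minAge;
    }

    // Assumed hook: Application_PostAuthenticateRequest in Global.asax, after
    // FormsAuthenticationModule has decrypted and validated the ticket.
    public static void RenewIfDue(HttpContext context, TimeSpan minAge)
    {
        if (context.User == null) return;
        var identity = context.User.Identity as FormsIdentity;
        if (identity == null) return;                      // anonymous or another auth scheme

        FormsAuthenticationTicket old = identity.Ticket;
        DateTime now = DateTime.Now;                       // ticket dates are local time
        if (!ShouldRenew(old.IssueDate, old.Expiration, now, minAge)) return;

        // Keep the original lifetime, persistence flag and UserData;
        // SetAuthCookie(name, false) would discard the last two.
        TimeSpan lifetime = old.Expiration - old.IssueDate;
        var fresh = new FormsAuthenticationTicket(old.Version, old.Name, now, now.Add(lifetime),
            old.IsPersistent, old.UserData, old.CookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(fresh))
        {
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath
        };
        if (!string.IsNullOrEmpty(FormsAuthentication.CookieDomain)) cookie.Domain = FormsAuthentication.CookieDomain;
        if (fresh.IsPersistent) cookie.Expires = fresh.Expiration;
        context.Response.Cookies.Set(cookie);
    }
}
```

Calling `TicketRenewal.RenewIfDue(Context, TimeSpan.FromMinutes(1))` matches the once-per-minute interval used in the question; a larger interval means fewer responses carry a Set-Cookie header and so fewer bypass the output cache.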