Home/ Questions/Q 4079574
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T17:49:10+00:00

I am using the ASP.NET login control. I want to be able to set

  • 0

I am using the ASP.NET login control. I want to be able to set the timeout for Forms Authentication individually for each user (instead of globally in the web.config). From what I understand the only way to do this is to set the timeout on the AuthenticationTicket manually. Is there a way to do this when using the Login Control? It seems to me that the Login Control abstracts away all of this. I am hoping that there is some way to continue using the Login Control, but also have the ability to set the FormsAuthentication timeout individually for each user.

Thanks,
Corey

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    MSDN says:

    The LoggedIn event is raised after the
    authentication provider checks the
    user’s credentials and the
    authentication cookie is queued to
    send to the browser in the next
    response. Use the LoggedIn event to
    provide additional processing, such as
    accessing per-user data, after the
    user is authenticated.

    So this event seems to be the right place to replace cookies. Firstly, the cookie need to be retrieved and decrypted:

    HttpCookie authCookie = Response.Cookies[FormsAuthentication.FormsCookieName];
FormsAuthenticationTicket oldAuthTicket = 
    FormsAuthentication.Decrypt(authCookie.Value);

    right after this, the new authentication ticket based on just extracted should be created:

    FormsAuthenticationTicket newAuthTicket = new FormsAuthenticationTicket(
    oldAuthTicket.Version,
    oldAuthTicket.Name,
    DateTime.Now,
    DateTime.Now.Add(timeoutForUser),
    oldAuthTicket.IsPersistent,
    oldAuthTicket.UserData,
    FormsAuthentication.FormsCookiePath
);

    timeoutForUser here is a TimeSpan value that holds the session timeout for the user.

    And finally, the old cookie in the response should be replaced with the new one:

    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
authCookie = 
    new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
HttpContext.Current.Response.Cookies.Set(authCookie);

    This should do the trick.

    • 0