Home/ Questions/Q 7640615
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T08:42:53+00:00

I am writing a Remember My Username Cookie that expires in a custom duration

  • 0

I am writing a “Remember My Username” Cookie that expires in a custom duration of time e.g. one month. I noticed that when I add HttpOnly = true, the expiration changes to session. Why is this? I can’t seem to find any documentation on why this would happen.

Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’m adding the following code: Also, now I’m getting a different behaviors than the Title. I’m running this locally against the VS2010 built-in server. It seems to show inconsistent behaviors. I would move the HttpOnly = true before the Expires and after it and it seemed to change behavior until I refreshed the browser page. So, I am assuming everything was fine and never had an issue. In addition, I am moving HttpOnly and Secure flags to the web.config because not all my environments have SSL.

    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket
                                                (strUserID, //name
                                                 false, //IsPersistent
                                                 24 * 60); // 24 hours

// Encrypt the ticket.
string encryTicket = FormsAuthentication.Encrypt(ticket);

// Create the cookie.
HttpCookie userCookie = new HttpCookie("Authentication", encryTicket);
userCookie.HttpOnly = true;
Response.Cookies.Add(userCookie);

e.Authenticated = true;
if (LoginPannelMain.RememberMeSet)
{
    HttpCookie aCookie = new HttpCookie("email", strUserLogin);
    aCookie.HttpOnly = true;
    aCookie.Expires = DateTime.Now.AddYears(1);
    Response.AppendCookie(aCookie);
}
else
{
    HttpCookie aCookie = new HttpCookie("email", "");
    aCookie.HttpOnly = true;
    Response.AppendCookie(aCookie);
}
    • 0