Home/ Questions/Q 6626405
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T21:53:20+00:00

I have a web application with FormsAuthentication and with slidingExpiration=true in my web.config is

  • 0

I have a web application with FormsAuthentication and with slidingExpiration="true" in my web.config is not returning a cookie in each request, but when I see the HTTP transactions, I cannot see the webserver returning the AUTH cookie in each request.

Checking the docs, it should.

slidingExpiration Optional attribute. Specifies whether sliding
expiration is enabled. Sliding expiration resets the active
authentication time for a cookie to expire upon each request during a
single session. This attribute can be one of the following values.
Value Description True Specifies that sliding expiration is enabled.
The authentication cookie is refreshed and the time to expiration is
reset on subsequent requests during a single session. False Specifies
that sliding expiration is not enabled and the cookie expires at a set
interval from the time the cookie was originally issued. The default
is True.

Does anyone know why it is not working as expected?

Cheers.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I have read this: http://www.dotnetmonster.com/Uwe/Forum.aspx/asp-net-security/2316/problem-with-slidingExpiration

    In other words, if the elapsed time since ticket creation is greater
    then half the ticket timeout (in your scenario would be 1 minute) the
    the ticket won’t be renewed. Otherwise a new ticket will be granted
    with a fresh timeout (2 mins in your case). Summarizing, if you hit
    your page after 1 minute, it won’t extend your Forms session lifetime
    regardless your slidingExpiration setting.

    It makes sense, but I cannot find any official source. So I will test it my self when I have some spare time.

    Cheers.

    • 0