Try our conversational search powered by Generative AI!
AI OnAI Off
User Login Timeout
Hi,
I might be misunderstanding your question, but the setting should be applied for any users using the current membership provider, regardless of admin or not. It's the timeout value for the authentication cookie set by ASP.NET.
Regards.
/Q
Oct 27, 2014 12:35
Hi,
Thanks for your reply - if I change this timeout to 1 minute and login to the Admin CMS and wait for 1 minute I get a popup box asking me to log back in - as I expected it to do.
If I login to the Members area in the front end - and wait for 1 minute I am still logged in.
Where is the authentication cookie set? or is this the same line that I pasted in above?
Jon
Oct 27, 2014 12:39
What would happen if I put this line of code into the webconfig?
<sessionState timeout="60"></sessionState>
Oct 27, 2014 12:41
Hi,
If I leave the timeout to 4320 as above then the CMS login works fine but the Members area logs the user out after 40 mins
Hope that helps a bit,
Jon
Oct 27, 2014 12:59
Then I guess the problem is in your login page. Your custom login page should get the timeout information (should be available in Membership, IIRC), to set the cookie timeout.
Regards.
/Q
Oct 27, 2014 13:08
The code from the login page in our Commerce Sample site, you get the idea:
private static void CreateAuthenticationCookie(string username, string domain, bool remember)
{
// this line is needed for cookieless authentication
FormsAuthentication.SetAuthCookie(username, remember);
var expirationDate = FormsAuthentication.GetAuthCookie(username, remember).Expires;
// the code below does not work for cookieless authentication
// we need to handle ticket ourselves since we need to save session paremeters as well
var ticket = new FormsAuthenticationTicket(2,
username,
DateTime.Now,
/*expirationDate, - doesn't work when it's DateTime.MinValue. The date needs to be convertible to FileTime, i.e. >=01/01/1601 */
expirationDate == DateTime.MinValue ? DateTime.Now.Add(FormsAuthentication.Timeout) : expirationDate,
remember,
domain,
FormsAuthentication.FormsCookiePath);
// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);
// remove the cookie, if one already exists with the same cookie name
if (HttpContext.Current.Response.Cookies[FormsAuthentication.FormsCookieName] != null)
HttpContext.Current.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
cookie.HttpOnly = true;
cookie.Path = FormsAuthentication.FormsCookiePath;
cookie.Secure = FormsAuthentication.RequireSSL;
if (FormsAuthentication.CookieDomain != null)
cookie.Domain = FormsAuthentication.CookieDomain;
if (ticket.IsPersistent)
cookie.Expires = ticket.Expiration;
// Create the cookie.
HttpContext.Current.Response.Cookies.Set(cookie);
}
Oct 28, 2014 3:13
Hi,
We have an Admin login to the CMS and the timeout for this is set in the Webconfig:
But we also have a User login where registered members to the site can login and view pages that we restrict using Visitor Groups (they dont see the CMS - just restricted pages). Can somebody tell me where we set the session timeout length for this type of login please?
Many thanks
Jonathan