Persistent cookie timeout with FormsAuthentication

asp.net cookies forms-authentication remember-me
cda01 picture cda01 · Oct 7, 2011 · Viewed 20.9k times · Source

I am creating some "Remember Me" functionality as part of logging in.

When I create a persistent cookie during the login process with the following:

FormsAuthentication.SetAuthCookie("someusername", true);

And my Web.Config looks as follows:

<authentication mode="Forms">
  <forms loginUrl="~/sign-in" timeout="2880" />
</authentication>

How long will the cookie be valid for before the user will be asked to provide their login details again? Also, Is there/What is the default length of time used when setting a persistent cookie?

Answer

cda01 picture cda01 · Oct 7, 2011

I found the answer I was looking for thanks to this article:

Dan Sellers's WebLog

where he states:

in ASP.NET 2.0 the timeout value of both persistent and session based cookies are controlled by the timeout attribute on the<forms/>element

So in my example the persistent cookie will expire in 48 hours.

Related questions

How to handle "Remember me" in the Asp.Net Membership Provider

Ive written a custom membership provider for my ASP.Net website. Im using the default Forms.Authentication redirect where you simply pass true to the method to tell it to "Remember me" for the current user. I presume that this …

Read More
How to get the cookie value in asp.net website

I am creating a cookie and storing the value of username after succesfull login. How can I access the cookie when the website is opened. If the cookie exist I want to fill the username text box from the cookie …

Read More
what is ASPXAUTH cookie?

While working with ASP.Net Forms Authentication I came across the .ASPXAUTH cookie. I have a couple questions: What is the purpose of this cookie? What is the location of this cookie?

Read More