J
Joe Fallon
I use Forms authentication and State Server and Cookies are enabled.
Is this correct?
If the session is set to timeout in 20 minutes that means that if there is
no activity for 20 minutes then the session will expire and the user will
have to log in again. But if they request pages then the 20 minute period
re-starts after
each page is requested.
If the user is active for 20 minutes and then is idle for the next 15 the
session has not timed out and they should not have to log in again.
But does the authentication ticket in the cookie expire in 30 minutes?
If so, does THAT force a log in again?
What is the "best" way to coordinate these 2 to minimize the amount of
re-logging in
and yet maintaining some basic level of security?
Thanks!
Is this correct?
If the session is set to timeout in 20 minutes that means that if there is
no activity for 20 minutes then the session will expire and the user will
have to log in again. But if they request pages then the 20 minute period
re-starts after
each page is requested.
If the user is active for 20 minutes and then is idle for the next 15 the
session has not timed out and they should not have to log in again.
But does the authentication ticket in the cookie expire in 30 minutes?
If so, does THAT force a log in again?
What is the "best" way to coordinate these 2 to minimize the amount of
re-logging in
and yet maintaining some basic level of security?
Thanks!