Forms authorization cookie always set to expire in 2055?

[Amil]

I'm using Forms authorization. In my <forms> section I have timeout="30",
but when I examine the cookie, it shows it expiring in 2055? Why?

<authentication mode="Forms">
<forms
loginUrl="/login.aspx"
protection="All"
timeout="30"
path="/">
<credentials passwordFormat="Clear">
<user name="guest" password="xxxxxxx" />
</credentials>
</forms>
</authentication>

 

[Brock Allen]

Because they hard coded it to expire after 50 years. You can change that
(albeit manually).

-Brock
DevelopMentor
http://staff.develop.com/ballen

 

[Amil]

So, what good is setting the "timeout" value in the <form> section? Maybe
you didn't read my post accurately.

 

[Brock Allen]

The timeout is used when it's not a persistent cookie. IOW, the boolean parameter
to FormsAuthentication.SetAuthCookie. The docs cover this (except where it
says "Persistent cookies do not time out.". They do time out after 50 years,
as you discovered):

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfforms.asp

-Brock
DevelopMentor
http://staff.develop.com/ballen

 

[Amil]

Ahh...yes...now I see. I set the persistant parameter to false and now it
works. Thanks.

Amil