Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
579 views
in Technique[技术] by (71.8m points)

asp.net - Differences in forms auth timeout and session timeout

The session state timeout is set using this web.config element

<sessionState mode="InProc" cookieless="false" timeout="120" />

The forms auth is configured using this web.config element

<system.web>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx"
           protection="All"
           timeout="30"
           name=".ASPXAUTH" 
           path="/"
           requireSSL="false"
           slidingExpiration="true"
           defaultUrl="default.aspx"
           cookieless="UseDeviceProfile"
           enableCrossAppRedirects="false" />
  </authentication>
</system.web>

What is the difference between the timeouts specified in each of these elements? If both are different, how would it work?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

A session starts every time a new user hits the website, regardless of whether or not they are anonymous. Authentication has very little to do with Session.

Authentication timeout is the amount of time that the authentication cookie is good for on the user's browser. Once the cookie expires, they must re-authenticate to access protected resources on the site.

So, if Session times out before the Authentication cookie - they are still authenticated, but all their session variables disappear, and may cause errors in your website if you are not disciplined in checking for nulls and other conditions brought about by missing session.

If Authentication times out before the session, then all their session variables will still exist, but they won't be able to access protected resources until they log back in again.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...