Collectives™ on Stack Overflow
Find centralized, trusted content and collaborate around the technologies you use most.
Learn more about Collectives
Teams
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
Learn more about Teams
I working on an Formsauthentication sign in functionality.
My session configuration is 1minute,
<sessionState cookieless="false" timeout="1"/>
My forms authentication settings,
<authentication mode="Forms">
<forms cookieless="UseCookies" defaultUrl="~/" loginUrl="~/user/signin" name="PMPLUSWeb" timeout="21680" slidingExpiration="true" />
</authentication>
I set the forms authentication as,
FormsAuthentication.RedirectFromLoginPage(userID, user.RememberMe);
So when I access "HttpContext.Current.User.Identity.Name" I get the userID.
If the session times out (after 1minute), I thought "HttpContext.Current.User.Identity.Name" will also expire. But the value persist, I still get the UserID after 1minute. Where does this value stored?
Is the value read from the cookie and sent via the request?
If the login cookie expires (I'd avoid using the term "session" here), then HttpContext.Current.User will return null and HttpContext.Current.Request.IsAuthenticated will return false
For more information on how User / IsAuthenticated are set, take a look at these two questions.
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
