Session that never expires like on stackoverflow.com, unless the user clicks logout
I am building a asp.net mvc application. I want session to never expire, once the user login, unless the user clicks on logout.
Whats the best w开发者_开发知识库ay of doing it?
I have used
FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);
and set createPersistentCookie to true, but still I get logged out after sometime.
Implement sliding expiration. Leave the expiration time to some reasonable value - day, two, week max; renew the cookie on each request (simplest) or at certain intervals.
FormsAuthentication cookies use the timeout value to determine expiration. The createPersistentCookie flag just tells the API to set an expires value, rather than allowing the cookie to expire when the browser is closed. To prevent expiration, increase the forms authentication timeout value in the web.config. That value is in minutes, so to force the cookie to last one year, use 525600.
精彩评论