One of my customers had implemented forms authentication in his ASP.NET 2.0 web application. He was facing problem with session and authentication timeouts. They saw that the session time out value was resetting on every post back, but authentication ticket expiration value was not resetting until it comes below the half way mark of its expiration value .

Their requirements were as follows,

1. Authentication ticket timeout value should be reset on every request to server.

2. Authentication cookie's time out value and session's time out value should sync.

 

RESOLUTION

============

This is a design feature in ASP.NET 2.0. However as a work-around we could try creating a new forms authentication cookie at every request, which will ensure that the forms auth ticket expire time will reset at every request. It will have a minor performance impact of recreating the forms auth cookie on each request, but that overhead is small.

To have this feature, you would either have to write an HttpModule, or hook one of the pre-request events in global.asax, and programmatically reissue the forms auth ticket.

Reference Articles:

Understanding the Forms Authentication Ticket and Cookie

http://support.microsoft.com/kb/910443

FormsAuthenticationTicket.Expiration Property
http://msdn2.microsoft.com/en-us/library/system.web.security.formsauthenticationticket.expiration.aspx