I would like to have a forms authentication cookie that persists for about 30 minutes. As with many, my starting point has been the ibuyspy portal that asp.net has as a sample application.
I see that they are setting the SetAuthCookie with this statement:
FormsAuthentication.SetAuthCookie(email.Text, RememberCheckbox.Checked)
However if the Check box is checked, the cookie seems to persist for ever.
In the Web.Config under:
<authentication mode = "Forms">
<forms timeout="30">
</authentication>
I though the timeout was suppose to be the number of minutes until the cookie expires.
Why won't the cookie expire?
I want to allow users to open multiple windows to my asp.net application and as long as they have logged in once, they should be able to access the system. Some of my users open multiple windows, but currently they have to login with each individual internet explorer window. If I give them the luxury of using a persistent cookie, they don't have to login each time, but many forget to logout and I fear a security risk. So how can I get a cookie to persist across multiple instances of ie but have the cookie eventually expire if the system has been dormant after a while.
Thanks in advance for any assistance.