
asp.net security : How long is the formsauthentication ticket valid



swatisahasrabudhe NO[at]SPAM yahoo.com
4/29/2004 4:59:47 AM
Hello

These questions may seem stupid but I am confused about the
formsauthentication ticket stuff. From what I know till now it is a
cookie/session variable ( I am still not sure which of the two).
1. When I use a FormsAuthentication.SetAuthCookie method I do not
specify a timeout. So how long is this valid?
2. Is this the same thing that I later access using
Context.User.Identity?

Any help appreciated.

thnx,
avnrao
4/29/2004 6:23:29 PM
The timeout you specify in the web.config will be considered.

<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
protection="All" path="/" timeout="30" />
</authentication>

The AuthCookie is stored as a cookie (not a session variable) on the client.
Each time you get a request to the server, you need to read this cookie and
populate your Context.User with a GenericPrincipal object created using this
cookie. This generally is done in the Application_Authenticate method in the
global.asax file.

More info:
http://support.microsoft.com/default.aspx?scid=kb;en-us;301240&Product=aspnet

hth,
Av.
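
The per-request step described in the reply above, as an added C# example (not code from the thread or the linked KB article). It assumes a Global.asax code-behind class named Global and, as a hypothetical convention, comma-separated role names stored in the ticket's UserData.

```csharp
// Global.asax.cs (added illustration; class name and role convention are assumptions)
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Runs on every request, before authorization is evaluated.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // The cookie name comes from <forms name="..."> in web.config.
        HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return; // no ticket: the request stays anonymous

        FormsAuthenticationTicket ticket;
        try
        {
            // With protection="All" the cookie value is validated and decrypted here.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (ArgumentException) { return; }      // malformed value
        catch (CryptographicException) { return; } // tampered value or wrong key
        catch (HttpException) { return; }          // value could not be validated

        // SetAuthCookie stamps Expiration from the web.config timeout (in minutes);
        // a ticket past that time must not produce an authenticated user.
        if (ticket == null || ticket.Expired)
            return;

        // Assumption: roles were written into UserData as "role1,role2" at login.
        // SetAuthCookie itself leaves UserData empty, which yields no roles.
        string data = ticket.UserData ?? string.Empty;
        string[] roles = data.Length == 0 ? new string[0] : data.Split(',');

        // Context.User.Identity.Name now returns the name passed to SetAuthCookie.
        Context.User = new GenericPrincipal(new FormsIdentity(ticket), roles);
    }
}
```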


swatisahasrabudhe NO[at]SPAM yahoo.com
5/4/2004 2:26:18 AM