asp.net security: Hi,

I'm having a problem with forms authentication on an asp.net
application. To summarise, after logging in initially, the login never
expires. I can come back to the application after days, and I'm still
logged in. However, if I delete cookies from the browser I am once
again redirected to the login page. I currently have timeout="2" in
the athentication/forms element of the web.config.

Anyone have any idea about what might be causing the problem?

Thanks

Hello srlowe@hotmail.com,

are you using FormsAuthentication.RedirectFromLoginPage or SetAuthCookie
- there is parameter which specifies if the login cookie should be persistent.
I guess you are setting this to true.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

[quoted text, click to view]