Forms Authentication

[primagic]

Would there be any reason why after a user is idle for a specific amount of time on my website, it doesnt log them out. The secure page stays open but then kicks them out if they try to do something.

I thought the following code in the webconfig file should kick the user out?

<authentication mode="Forms">
            <forms name=".Login" loginUrl="index.aspx" defaultUrl="index.aspx" protection="All" timeout="30">
                
            </forms>
        </authentication>
        <sessionState timeout="30" />

 

[ca8msm]

That's how any web development works (not just ASP.NET). The server only knows that they have timed out once a second request is made, it has no concept of what they are doing on the client after it sent them the last set of HTML.

Mark,

Darlington Web Design[tab]|[tab]Experts, Information, Ideas & Knowledge[tab]|[tab]ASP.NET Tips & Tricks