FormsAuthentication.SlidingExpiration Property
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Gets a value indicating whether sliding expiration is enabled.
public:
static property bool SlidingExpiration { bool get(); };public static bool SlidingExpiration { get; }static member SlidingExpiration : boolPublic Shared ReadOnly Property SlidingExpiration As Booleantrue if sliding expiration is enabled; otherwise, false. The default is true.
The following code example sets the slidingExpiration attribute to false in the Web.config file for an ASP.NET application.
<authentication mode="Forms">
<forms loginUrl="member_login.aspx"
name=".ASPXFORMSAUTH"
cookieless="UseCookies"
requireSSL="true"
slidingExpiration="false" />
</authentication>
The SlidingExpiration property value is set using the slidingExpiration attribute of the forms configuration element.
Sliding expiration resets the expiration time for a valid authentication cookie if a request is made and more than half of the timeout interval has elapsed. If the cookie expires, the user must re-authenticate. Setting the SlidingExpiration property to false can improve the security of an application by limiting the time for which an authentication cookie is valid, based on the configured timeout value.
We recommend that if you configure requireSSL as false, you also configure slidingExpiration as false, to reduce the amount of time for which a ticket is valid.
| Product | Versions |
|---|---|
| .NET Framework | 1.1, 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1 |
.NET feedback
.NET is an open source project. Select a link to provide feedback: