Why don't you create persistent cookies which have a longer expiration timeout?
I have some forms authentication in which a user is not logged out for 8 hours,
on the server side, all you have to do is make sure the validation cookie is still
valid.
Nothing wrong with that.
Thanks for the reply lewy.
I'm not sure exactly what you mean though. Do you mean just increase the timeout limit?
Depending on your application's needs, you can easily store the login information on a cookie.
You mentioned it's an intranet application.
I have several apps which don't have a timeout for periods longer than 8 hours, they
won't log anyone off during a normal 8 hour workday.
Having said this, rather than keeping your session timeout on the server,
Keep it on a cookie.
This way your users will still be logged on and won't lose any data, unless they close the browser.
Did I say intranet? Sorry, I meant extranet..
You have got me thinking about a longer timeout though. It was put in place in the classic ASP app as we were sharing offices and needed more protection of the data. I kind of just wanted to keep the same setup ported over to .NET.
Now that necessity may be diminshed.
I've nearly written a function that works for me, so hopefully that might partially solve the issue. The only slight potential hiccup I can forsee is the size of the cookie allowed by JS and storing a longish email.
Posting Permissions 
LinkBack URL
About LinkBacks
Bookmarks