Forms authentication ticket seems to expire pre-maturely and kick out the user

Although I set the timeout to 60 or 1440, it seems the user gets logged out in few minutes, may be 20-30 mts.

Any suggestions would be great.HOw canI start debugging this issue?

    <sessionState mode="InProc" stateConnectionString="tcpip=something" sqlConnectionString="data source=something;Trusted_Connection=yes" cookieless="false" timeout="60" />
      <forms name=".DSA" loginUrl="frmStartLogin.aspx" defaultUrl="/frmStart.aspx" protection="All" timeout="1440" path="/" slidingExpiration="true" />
 Dim tkt As FormsAuthenticationTicket
            Dim cookiestr As String
            Dim ck As HttpCookie
            Dim intTimeoutMinutes As Integer = 1
            Dim intRtn As Integer = 1

                'set cookie timout period based on isPersistent
                If isPersistent Then
                    intTimeoutMinutes = 43200 '30 days
                    intTimeoutMinutes = 60
                End If
                'create auth cookie
                tkt = New FormsAuthenticationTicket(1, strUserName, DateTime.Now(), DateTime.Now.AddMinutes(intTimeoutMinutes), isPersistent, strUserName)
                cookiestr = FormsAuthentication.Encrypt(tkt)
                ck = New HttpCookie(FormsAuthentication.FormsCookieName(), cookiestr)
                If isPersistent Then
                    ck.Expires = tkt.Expiration
                End If
                ck.Path = FormsAuthentication.FormsCookiePath()
                'write auth cookie to client PC
            Catch ex As Exception
                intRtn = -1
            End Try
Who is Participating?
No it takes its settings from web.config. You are sure there is only one? Any other errors being generated? Changes to config, dlls etc also reset session.
Why are you creating the cookies yourself? Forms authentication creates and manages the cookies for you.
TrialUserAuthor Commented:
You mean just this would do it :
      FormsAuthentication.SetAuthCookie(strUserName, False) ?
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

TrialUserAuthor Commented:
Ok, with my original code, it works in the local. However when I published it does not work in the production environment. The timeout does not take its minutes from the Web.config or what is set in the code.

Is there any setting in the IIS 7? Thanks
TrialUserAuthor Commented:
I was getting this error :.
The error I got is :
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
TrialUserAuthor Commented:
<authentication mode="Forms">
      <forms name=".DSA" loginUrl="frmStartLogin.aspx" defaultUrl="/frmStart.aspx" protection="All" timeout="1440" path="/" slidingExpiration="true" />
Is that on a particular page or all pages? Do you have only one web.config in the whole of your site?
TrialUserAuthor Commented:
There  is only web.config file.
TrialUserAuthor Commented:
I re-wrote the code. Stripped out the code where I create the forms authentication cookie and did this  still does not work. Makes me think somethng is wrong in the IIS 7 configuration. Please suggest. I really need to get this resolved asap. Any help will be rgeatly appreciated, Thanks
  FormsAuthentication.RedirectFromLoginPage(strUserName, isPersistent)
authentication mode="Forms">
        <forms loginUrl="frmstartlogin.aspx" name=".ASPXFORMSAUTH" defaultUrl="frmstart.aspx" path="/" timeout="35">
<sessionState mode="InProc" stateConnectionString="tcpip=" sqlConnectionString="data source=;Trusted_Connection=yes"  timeout="20"/><sessionState mode="InProc" stateConnectionString="tcpip=" sqlConnectionString="data source=;Trusted_Connection=yes"  timeout="20"/>
Alan WarrenApplications DeveloperCommented:
Rahul AgarwalTeam LeaderCommented:
Have you try this

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket
   1, // version
   txtEmail.Text, // name
   DateTime.Now, // issueDate
   DateTime.Now.AddMinutes(30), // expiration
   false, // isPersistent
   roles, // userData
   FormsAuthentication.FormsCookiePath // cookiePath


Check the AppPool assigned for the website in the IIS.

Right Click on the assigned AppPool and click "Advanced Settings"

In that check for "Idle Timeout - Minutes" under the process Model..

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.