How to check the ticket time-out period of a cookie


I am testing an application working with forms authentication and cookies. I have configured the next code in the web.config:

<forms name="FormsCookie" loginUrl="~/login.aspx" cookieless="AutoDetect" timeout="1" slidingExpiration="false"></forms>

If I browse to my application and logon I can see in Chrome (F12/Resources/Cookies) a cookie with the name FormsCookie. I I click this cookie I can see the Expires/Max-Age property. The value of this property is Session. How can I see the actual time of expiring (so for example 1:05 PM). I want to check this because I see that the forms cookie is still present after logging out, but I don't know how to check whether this cookie is still valid.


Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Steve BinkCommented:
The value of "session" means the cookie is valid until the browser closes.  The browser is responsible for clean-up at that point.  If you want the cookie to expire, set an expiration when you set the cookie.  The better alternative would be to forcefully expire (unset) the cookie on logout - something that should be happening anyways.
adiemeerAuthor Commented:
Thanks for your comment. But is it possible to check client side what the remaining time period is of a session?
Steve BinkCommented:
A session cookie is valid until the browsing session is complete, i.e., the browser application is shut down.  So, no... since any code you wrote would have to know the mind of the actual user, and when they intend to close the browser.

As I said earlier, if you want a particular expiration, set it.  If you are going to leave the expiration up to the user, then leave it up to the user.

In any case, I still recommend implementing a forced expiration on logout.  That's just good practice.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
adiemeerAuthor Commented:
Thank you for your time
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Applications

From novice to tech pro — start learning today.