0

I am implementing site with login via facebook. I call FormsAuthentication.SetAuthCookie(response.email, true); after facebook authenticates user.

Form authentication timeout is set to 129600 (3 month).

Should i set session timeout to the same value? As far as I understand session timeout should be as few as possible.

Is it normal if session timeout less then form timeout? (for example form 129600 session 30)

I know that there are many similar questions, but this problem isn't clear for me.

Thanks.

Anatoliy
  • 672
  • 5
  • 12
  • 1
    it can't be simpler than this answer: http://stackoverflow.com/questions/2178176/differences-in-forms-auth-timeout-and-session-timeout – MilkyWayJoe May 23 '12 at 14:43

1 Answers1

2

You're using cookies for authentication, your server session doesn't matter. A potential problem is that if you store data on Session object and it expires, that could cause troubles to user since functionality depending on this data would probably fail.

If you handle server Session expiration properly, you won't have any problem.

Claudio Redi
  • 67,454
  • 15
  • 130
  • 155