2

I am working on a FormsAuthentication sign-in functionality.

My session configuration is 1 minute,

<sessionState cookieless="false" timeout="1"/>

My forms authentication settings,

<authentication mode="Forms">      
  <forms cookieless="UseCookies" defaultUrl="~/" loginUrl="~/user/signin" name="PMPLUSWeb" timeout="21680" slidingExpiration="true"  />
</authentication>

I set the forms authentication as,

FormsAuthentication.RedirectFromLoginPage(userID, user.RememberMe);

So when I access "HttpContext.Current.User.Identity.Name" I get the userID.

If the session times out (after 1 minute), I thought "HttpContext.Current.User.Identity.Name" would also expire. But the value persists; I still get the UserID after 1 minute. Where is this value stored?

Is the value read from the cookie and sent via the request?

Dhanuka777

1 Answer

3

If the login cookie expires (I'd avoid using the term "session" here), then HttpContext.Current.User will return null and HttpContext.Current.Request.IsAuthenticated will return false.

For more information on how User / IsAuthenticated are set, take a look at these two questions.

Community
Richard Szalay
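Added example, not part of the original question or answer: a C# helper for classic ASP.NET (System.Web) that reads the forms authentication cookie from the request and decrypts its ticket, showing that the user name and its expiry travel in that cookie and do not depend on the `sessionState` timeout. The class and method names (`AuthCookieInspector`, `Describe`) are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Hypothetical helper (not from the original post) for classic ASP.NET.
public static class AuthCookieInspector
{
    // Reports what the forms authentication cookie on this request contains
    // and whether the session-state store considers the session new.
    public static string Describe(HttpContextBase context)
    {
        // FormsCookieName is the name="" attribute of <forms>;
        // with the question's web.config that is "PMPLUSWeb".
        HttpCookie cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return "No forms authentication cookie on this request.";

        FormsAuthenticationTicket ticket;
        try
        {
            // The ticket is protected with the application's machineKey;
            // a tampered or foreign value fails here instead of being trusted.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (ArgumentException) { return "Cookie present but not a valid ticket."; }
        catch (CryptographicException) { return "Cookie present but failed validation."; }

        if (ticket == null)
            return "Cookie present but not a valid ticket.";

        // Session state is tracked by a separate cookie (ASP.NET_SessionId) and
        // its own timeout, so it can restart while the ticket is still valid.
        // Session is null for handlers that do not use session state.
        string session = context.Session == null
            ? "n/a"
            : context.Session.IsNewSession.ToString();

        // Expiration is driven by <forms timeout="..."> (in minutes), not by
        // <sessionState timeout="...">.
        return string.Format(
            "Name={0}; Issued={1:u}; Expires={2:u}; Persistent={3}; Expired={4}; NewSession={5}",
            ticket.Name, ticket.IssueDate, ticket.Expiration,
            ticket.IsPersistent, ticket.Expired, session);
    }
}
```

Call it from a page or controller as `AuthCookieInspector.Describe(new HttpContextWrapper(HttpContext.Current))`; after the 1-minute session timeout, the output would show `NewSession=True` while `Name` still holds the user ID.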