How can I make a security token automatically expire in a passive STS setup?

Posted by Rising Star on Stack Overflow See other posts from Stack Overflow or by Rising Star
Published on 2010-06-03T15:13:29Z Indexed on 2010/06/03 15:24 UTC
Read the original article Hit count: 308

Filed under:
|
|
|
|

I have a passive STS set up for a new application I'm working on.

I've noticed that when a user's session expires, the user is still authenticated. I would have thought that when the session expires, the user would no longer be authenticated. My boss discussed this with me as I am currently charged with setting up the authentication. He says that it would be good if we could make the user's log on expire after a certain period of inactivity similar to how the session expires.

I am familiar with how to sign a user out with a few lines of code. How can I make it so that the user is automatically signed out after a specified period of inactivity?

Currently, I have some code in the global.asax file that programmatically checks when the last request was and compares it to the current time; it then signs the user out if a certain period of time has expired.

© Stack Overflow or respective owner

Related posts about security

Related posts about authentication