formsauthenticationticket

I am looking for a solution where we can make a FormsAuthenticationTicket (and corresponding cookie) with a very long expiration period. This is possible by setting a high value or using a sliding expiration, but when the application pool of the website is recycled, the FormsAuthenticationTicket disappears (I think), the cookie gets invalid and the user is asked to login again. Is there any way around this? Set static machineKeys instead of the auto generated. This way the FormsAuthenticationTicket will survive app pool recycling. 来源： https://stackoverflow.com/questions/3676995/can-a

When a user logs in based on default Forms Authentication method, the server creates a cookie containing encrypted data (using Machine Key as key for encryption). It means that if someone find/guess/access Machine Key for the server, he will be logged in to the web application. I've developed some applications which are on 4 servers. So, I hard-coded the same Machine Key for all the servers in machine.config and I can't use Auto Generate mode. Is it possible to brute force the Machine Key? Is there any other methods? (I don't want to use Windows and Passport) And is Forms Authentication Ticket

This is an MVC2 website, I am having a problem with a FormsAuthentication ticket. A user timeouts after 30 minutes cannot re-login. During testing, the DateTime.Now.AddMinutes(30) value was set to 5000 and everything was ok, but it has now changed to 30 and that is when then the problem started From cookie creation FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, user.UserID, DateTime.Now, DateTime.Now.AddMinutes(30), false, "user,user1", FormsAuthentication.FormsCookiePath); Web.config file <authentication mode="Forms"> <forms loginUrl="~/Account.mvc/LogOn" timeout="2880"