I've been searching some way that my session will never expire, unless the user logs out.
My code is like this, I am obliged to inform the validity of the session:
public void CreateAuthorizeTicket(string userId, string roles)
{
var authTicket = new FormsAuthenticationTicket(
1,
userId, // Id do usuário é muito importante
DateTime.Now,
DateTime.Now.AddMinutes(100), // validade min session
false, // Se você deixar true, o cookie ficará no PC do usuário
roles);
string encrypetedTicket = FormsAuthentication.Encrypt(authTicket);
FormsAuthentication.SetAuthCookie(encrypetedTicket, false);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(authTicket));
Response.Cookies.Add(cookie);
}
Global.asax.cs:
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (HttpContext.Current.User == null) return;
if (!HttpContext.Current.User.Identity.IsAuthenticated) return;
if (HttpContext.Current.User.Identity is FormsIdentity)
{
var id = (FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;
string userData = ticket.UserData;
string[] roles = userData.Split(',');
HttpContext.Current.User = new GenericPrincipal(id, roles);
}
}