.net Session and user cookie persistent authentication

1
votes

Here is the scenario:

A user is logged on and a Session has been created on the server along with an authentication cookie on the client side.

The Session timeout is set to 20 minutes.

After 25 minutes of inactivity the user goes back onto the website, so his Session does not exist anymore but the authentication cookie still exists.

Based on the cookie what's the best and secured way to allow the user to get signed in automatically...

Thanks in advance for any help.

1
.netauthenticationsession-cookies

1 Answers

0
votes

First, sign on automatically, should be a option, some users doesn't want it.

Second, if the user has that option active and the authentication cookie still exists you only need to create a new session. You don't need to really authenticate the user, just give him a cookie. :-P.