Silverlight 4 raise event on forms authentication cookie expiration

Question

I am stumped on how to fire an event in silverlight when a forms authentication cookie expires. I would like to redirect the application to a login screen immediately. I understand I can wait until a web service call fails but I think redirecting the user to login after inputing data is poor customer experience.

Answer 1

This cookie has a default timeout of 30 minutes. That means that if there is no communication with the server for longer than 30 minutes, then the cookie will expire and the user will be logged out. The actual implementation of how the expiry works is a little more complicated, but this is the simple version (you can find the more complicated behavior described here: http://support.microsoft.com/kb/910439). You can increase or decrease this value if required (in the web.config file), but it’s not recommended to make it too big. The longer the lifetime of the cookie, the more chance someone would have to steal it and impersonate the user. The short lifespan of the cookie is essentially a security measure, and should only be changed after careful consideration.

From Pro Business Applications With Silverlight 4, Page 250

I guess you could make a timer in the MainPage and just automatically redirect to the login if the timer wasn't updated for 30 minutes. I can't find the quote right now but I think I remember he also said that there is no real way of telling when the cookie expired.