I'm coding my sliding expiration algorithm for Bearer tokens to mimic what's done by Microsoft on their FormsAuthentication logic, and reading their documentation they say (emphasis added)
When the SlidingExpiration is set to true, the time interval during which the authentication cookie is valid is reset to the expiration Timeout property value. This happens if the user browses after half of the timeout has expired
What's the reasoning behind waiting for that instead of just increasing the cookie's expiration every time a user browses a page?
Aucun commentaire:
Enregistrer un commentaire