Administration: Configure authentication expiration
Use this procedure to configure your Sitefinity CMS authentication expiration. That is, choose the expiration time of the authentication cookie issued as a proof for your successful authentication upon login to Sitefinity CMS.
There are two expiration dates that control when the authentication cookie expires:
- The expiration date of the cookie itself.
This is a standard cookie property that by default defines the cookie as a session cookie. This means that the browser deletes the cookie once it is closed. If you set a specific value of the property, the browser checks it and send the cookie to the server only if it is not expired. Such cookies are referred to as persistent cookies. - The expiration date encrypted and stored in the cookie content. This is done because the cookie expiration date can’t be trusted as it can be modified by the client.
You configure both expiration dates by specifying a value for the AuthCookieTimeout property.
To specify the expiration timeout of the authentication cookies:
- In Sitefinity CMS backend, navigate to Administration » Settings » Advanced.
- Click Security and in the AuthCookieTimeout input field, set the expiration date in minutes, for example 600.
- Save your changes.