Create Action which doesn't affect session timeout

Question

In my ASP.NET MVC 3 application, I have a timer which executes a controller action every period of time. This way my session is never timed out...

I don't want this action to reset the session timer every time it is executed. I tried to do this by creating a custom attribute [AllowAnonymous] like this link

http://blogs.msdn.com/b/rickandy/archive/2011/05/02/securing-your-asp-net-mvc-3-application.aspx

but this way, any user will be able to access this action without logging in, and that's not what I want.

Any ideas ?

Answer 1

You could disable sliding expiration for the session in your web.config:

<forms slidingExpiration="false" loginUrl="~/Account/LogOn" timeout="2800" />

This way the forms authentication cookie won't be renewed and the ticket will be valid only for a fixed amount of time.

And if you wanted to disable sliding expiration only for certain requests you may take a look at the following answer. It's a bit hacky because the ticket renewal code is buried deep into the FormsAuthenticationModule.