Sitecore setting Timeout on a Virtual User

A customer was having issues getting a virtual users expiration to timeout. In looking at the code in the Authentication Manager I found that the method being used to load the virtual user passes expires as false and didn’t have an override.

To fix it I overwrote the Login(User) method of theĀ  Authentication Provider and passed in the true variable.

Here’s my Authentication Provider.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using Sitecore.Diagnostics;
using System.Web.Security;
using Sitecore.SecurityModel;
using Sitecore.Configuration;
using Sitecore.Security.Accounts;

namespace AdventureWorksMembership
    public class FormsAuthenticationProvider : Sitecore.Security.Authentication.FormsAuthenticationProvider
        public override bool Login(Sitecore.Security.Accounts.User user)
            Assert.ArgumentNotNull(user, "user");
            if (!base.Login(user))
                return false;
            FormsAuthentication.SetAuthCookie(user.Name, true);
            return true;

        private void StoreMetaData(Sitecore.Security.Accounts.User user)
            UserRuntimeSettings runtimeSettings = user.RuntimeSettings;
            if (runtimeSettings.IsVirtual)
                ClientContext.SetValue("SC_USR_" + user.Name, runtimeSettings.Serialize());

And in my web.config file

<authentication defaultProvider="forms">
<add name="forms" type="AdventureWorksMembership.FormsAuthenticationProvider, AdventureWorksMembership"/>

<authentication mode="None">
<forms name=".ASPXAUTH" cookieless="UseCookies" timeout="20"/>

It should be noted that setting slidingexpiration to true doesn’t work so this could open a whole new set of worms for you.

I have a fix for that here in this forum thread :