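/// <summary>
/// Issues the forms-authentication cookie for <paramref name="user"/>: builds a
/// non-persistent ticket that carries the user's delimited-string form as user data,
/// encrypts it, and adds it to the current response as an HttpOnly cookie.
/// </summary>
/// <param name="user">The signed-in user whose name and serialized data go into the ticket.</param>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
private void WriteAuthCookie(User user)
{
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    // Ticket lifetime in minutes. This value is hard-coded here and is independent of any
    // forms timeout configured in web.config - NOTE(review): confirm the two are meant to differ.
    const double formsAuthTimeout = 40;

    // Capture the clock once so the issue and expiration stamps are exactly
    // formsAuthTimeout minutes apart.
    DateTime issuedAt = DateTime.Now;

    // Serialize once. The ticket is encrypted below, but the serialized user still travels
    // to the browser on every request: keep credentials and other secrets out of it, and
    // keep it small enough to stay under browser cookie size limits.
    string userData = user.ToDelimitedString();

    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1,                                      // version
        user.Name,                              // user name
        issuedAt,                               // creation
        issuedAt.AddMinutes(formsAuthTimeout),  // expiration
        false,                                  // isPersistent
        userData                                // user data (just user object in simple delimited string)
    );

    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

    // Make sure we mark the cookie as "Secure" if RequireSSL is set in the web.config.
    // If we don't, the FIRST issuing of this cookie will not be secure
    // (as we are the ones that did it) while the second issuing (when it's
    // being refreshed) will be secure. That would cause intermittent problems with
    // timeout-like behaviors around "timeout/2" minutes into the user's session.
    // When RequireSSL is false the cookie is also sent over plain HTTP, so deployments
    // served over TLS should set requireSSL="true".
    authCookie.Secure = FormsAuthentication.RequireSSL;

    // Keep the ticket out of reach of client-side script.
    authCookie.HttpOnly = true;

    // A hand-built cookie does not pick up the configured forms path/domain on its own;
    // apply them so the cookie is scoped exactly as the forms-authentication settings say.
    authCookie.Path = FormsAuthentication.FormsCookiePath;
    string cookieDomain = FormsAuthentication.CookieDomain;
    if (!string.IsNullOrEmpty(cookieDomain))
    {
        authCookie.Domain = cookieDomain;
    }

    // NOTE(review): no SameSite attribute is set here; if the target framework exposes
    // HttpCookie.SameSite, consider setting it as cross-site request hardening.
    HttpContext.Response.Cookies.Add(authCookie);
}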