Re: Session expiration and authentication

From: Marcio Kleemann (notavailable)
Date: 05/25/04 

Date: Mon, 24 May 2004 15:57:15 -0700

Thanks for the suggestion. I think I have most everything working: if I use
a "logout" button I clear the session and do a FormsAuthentication.Signout
successfully (which forces the user back to the login page; if the timeout
for the forms authentication (from web.config) lapses, then the user also
gets sent back to the login page, where with some logic I can clear the
session too.

However, I still have a problem:

When I trap Session_End(), I need to also call
FormsAuthentication.SignOut(). This is because if a session ends before the
forms authentication's own timeout out passes, I need to sign out to clear
the authentication ticket. However, whenever I call .SignOut() from within
Session_End, the function is not successful; that is, the user can continue
working on the web site without being redirected back to the login page.
Anywhere else that I call SignOut from other pages it seems to be OK, only
from SessionEnd() (or would it be anywhere in global.asax?) it seems to not
work.

Any other ideas?

"David Coe, MCP" <anonymous@discussions.microsoft.com> wrote in message
news:DC900F83-A53C-4E9C-B7C3-8068DC443F0D@microsoft.com...
> When you clear the session state, validate that the count goes to 0. You
may also need to call Session.Abandon() to completetly cancel the session.

Relevant Pages

  • Re: Session Security
    ... have more to do with the client side than the server. ... >site within the same browser session, and then attempts to use the Back ... There are some ways to ask the browser not to cache a page (especially ... successful if this is a https, not http, session. ...
    (comp.lang.php)
  • Re: Serious Practice
    ... bill coad wrote: ... Attempt to get 10 in a row and stop the session upon the first failure. ... This minimizes the drops per practice session and agrees with Torben?s ... Make 10 attempts in a session and move on when all 10 are successful. ...
    (rec.juggling)
  • RE: Synchronising two combo boxes
    ... Daniel, ... I did try both your alternatives but neither were successful unfortunately. ... I have only just taking over the admin work of this database. ... I want for the user to be able to select a session ...
    (microsoft.public.access.formscoding)
  • Re: Walid Phares on C-SPAN2 now
    ... 5th session. ... If the content of the presentation matches the book, the book appears to be intended for US audience. ... we should encourage fellow Lebanese who become successful and help each other become successful rather than shoot each other in the back. ...
    (soc.culture.lebanon)
  • Session Timeouts - Notifying The User
    ... What is the best way (or what ways have been successful for you) to ... notify a user on a website that their session has timed out? ... forward the user to a "session timed out" page of some sort. ...
    (microsoft.public.dotnet.languages.csharp)