Re: Session expiration and authentication
From: Marcio Kleemann (notavailable)
Date: Mon, 24 May 2004 15:57:15 -0700
Thanks for the suggestion. I think I have most everything working: if I use
a "logout" button I clear the session and do a FormsAuthentication.Signout
successfully (which forces the user back to the login page; if the timeout
for the forms authentication (from web.config) lapses, then the user also
gets sent back to the login page, where with some logic I can clear the
However, I still have a problem:
When I trap Session_End(), I need to also call
FormsAuthentication.SignOut(). This is because if a session ends before the
forms authentication's own timeout out passes, I need to sign out to clear
the authentication ticket. However, whenever I call .SignOut() from within
Session_End, the function is not successful; that is, the user can continue
working on the web site without being redirected back to the login page.
Anywhere else that I call SignOut from other pages it seems to be OK, only
from SessionEnd() (or would it be anywhere in global.asax?) it seems to not
Any other ideas?
"David Coe, MCP" <email@example.com> wrote in message
> When you clear the session state, validate that the count goes to 0. You
may also need to call Session.Abandon() to completetly cancel the session.