Re: forms authentication redirect problem



In addition, don't confuse forms authentication timeout with session state
timeout. They are tied to different cookies and can have different values.
For example, your session state can time out before your forms auth and vice
versa.

I'd suggest doing a check in your page load to verify that values you expect
to be in session are present and redirect to a "safe" page such as the home
page for the app if they are not. This way, the session state validation is
not tied to any specific authentication mechanism.

Ditching session state where possible is also a good idea. :) Perhaps you
could put this state in a query string or cookie instead. If the data is
just cached for performance reasons, use the cache object instead.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:4580be6343708c874711eb6f3b9@xxxxxxxxxxxxxxxxxxxxx
RedirectFromLoginPage simply calls 2 APIs that you can call yourself,
1. FormsAuthentication.SetAuthCookie to set the ticket
2. Response.Redirect(FormsAuthentication.GetRedirectUrl(..))

2 does the redirect and you can do it yourself.

Hi All,

I am developing using ASP.NET using VB on .NET framework 1.1.

I have an application that uses forms based authentication. When the
session times out and sends the user back to the login page, I see
that it populates a return_url value and adds it to the url. Such that
when the user then authenticates, the
FormsAuthentication.RedirectFromLoginPage then uses the return_url to
return the user back to the page they were on when the session
expired. All well and good, but, some of my pages rely on the previous
content of the session variables to be able to populate the page they
were previously on.

Is there any way of preventing the redirect to the return_url, e.g. by
using something instead of FormsAuthentication.RedirectFromLoginPage,
that only ever takes the user to the mainmenu page? Or, do I need to
add checking for the existence of the required session values on each
page (rather painful if I do have to).

Please be gentle, I am not very experienced with ASP.NET as you may
see by my question.
Thanks in advance
Janette
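
The two suggestions in this thread combined, as an added example that is not part of the original posts: a base page that checks for required session values on load and redirects to a safe page, and a login routine that calls SetAuthCookie and then redirects to a fixed page instead of the return URL. The class names, the `SignIn` helper, the `RequiredSessionKeys` override and the `~/MainMenu.aspx` path are assumptions.

```vb
Imports System
Imports System.Web.Security
Imports System.Web.UI

' Hypothetical base class: pages that depend on session values inherit from it.
Public Class SessionGuardPage
    Inherits Page

    ' Assumed landing page; replace with the application's main menu.
    Public Const SafePage As String = "~/MainMenu.aspx"

    ' Derived pages override this to list the session keys they rely on.
    Protected Overridable Function RequiredSessionKeys() As String()
        Return New String() {}
    End Function

    Protected Overrides Sub OnLoad(ByVal e As EventArgs)
        For Each key As String In RequiredSessionKeys()
            If Session(key) Is Nothing Then
                ' Session state timed out (or was never filled) while the
                ' forms auth ticket is still valid: leave before any page
                ' code reads the missing value. True ends the request here.
                Response.Redirect(ResolveUrl(SafePage), True)
            End If
        Next
        MyBase.OnLoad(e)
    End Sub
End Class

' Hypothetical login page code-behind.
Public Class LoginPage
    Inherits Page

    ' Call only after the submitted credentials have been validated.
    Protected Sub SignIn(ByVal userName As String)
        ' Step 1 of RedirectFromLoginPage: issue the ticket
        ' (False = non-persistent cookie).
        FormsAuthentication.SetAuthCookie(userName, False)
        ' Step 2 replaced: ignore the return URL and always go to the
        ' fixed page, so no page is re-entered with empty session state.
        Response.Redirect(ResolveUrl(SessionGuardPage.SafePage), True)
    End Sub
End Class
```

A page that needs, say, a constructed key such as "CurrentOrderId" inherits from `SessionGuardPage` and returns that key from `RequiredSessionKeys`, which keeps the per-page check to one line.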



