Re: Identify FormsAuthentication Timeout

The better thing to do here is to design the app so that it can easily handle holding data that is in an intermediate state of completion (not yet "submitted") and provide code that allows features like auto save to work and to make the current transaction "GET friendly" so that if the user is redirected away from the page they've been working on and then redirected back, they are returned to their in process transaction with the data as it was last saved either through some sort of auto save feature or via a user interaction.

You can also make it such that the forms auth does not time out at all (or takes a very long time to), but that may not be desirable from a security perspective.

Obviously there is some significant rework involved to make the app behave like this.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"Chuck" <nospam2@xxxxxxxxxxxxx> wrote in message news:76C88928-236B-4E09-BB40-74F1AE486D9F@xxxxxxxxxxxxxxxx
Thanks,
Interesting technique, but I can't use it. The users credentials are
security sensitive so we do need to have authentication deactivated after the
timeout period expires.


"Alexey Smirnov" wrote:

On Jun 3, 5:17 pm, Chuck <nosp...@xxxxxxxxxxxxx> wrote:
> I have a forms authentication website that has a page where users spend > a lot
> of time on. So somebody spends an hour on the page and then presses > submit
> and gets redirected to the logon page. Followed by a redirect back to > where
> they were minus all the data they typed in.
>
> Is their a way to handle time outs without loosing data on the > redirect.
> Maybe popup a logon page versus a redirect or something.

Hi Chuck

you can try to prevent the timeout by placing an iframe in the page
that hits another page. See:

http://www.codeproject.com/KB/session/Session_Defibrillator.aspx

Another approach is to add js with timeout which is less then the
ASP.NET timeout

http://jeremywadsworth.com/Default.aspx?blogentryid=41

Hope this helps


.

Relevant Pages

  • Re: ADFS Proxy Error
    ... redirecting the client to the logon site. ... resource FS -> app ... The redirect from the account FS to the resource FS is a POST redirect of ... On my test client I have a host file entry to redirect any requests to my ...
    (microsoft.public.windows.server.active_directory)
  • RE: After specified browser activity
    ... Thanks for posting in the community! ... you can only redirect user after the user's NEXT CLICK. ... However, since the timeout state info are on serverside, I ... "window.setInterval" function to check a hidden field flag to determine ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: After specified browser activity
    ... Thanks for posting in the community! ... you can only redirect user after the user's NEXT CLICK. ... However, since the timeout state info are on serverside, I ... "window.setInterval" function to check a hidden field flag to determine ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Redirect Session Timeout
    ... you can redirect the user to a page with you timeout message. ... I don't want them to just end up att the default Login page just like that. ... > In web.config I can set loginUrl to a certain URL. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Identify FormsAuthentication Timeout
    ... FormsAuthetication provider. ... timeout period expires. ... Followed by a redirect back to ... Maybe popup a logon page versus a redirect or something. ...
    (microsoft.public.dotnet.framework.aspnet.security)