asp:login control - user prompted to log in twice if session disab

Discussion in 'ASP .Net' started by =?Utf-8?B?RHVrZSAoQU4yNDcp?=, Sep 20, 2007.

  1. The majority of pages on our site need authentication (forms auth against the
    aspnetdb database). I created an '~/auth' folder with its own config file
    forcing authentication for any pages in the folder.

    The default.aspx sits in the root folder and just does a Response.Redirect
    to an ~/auth/home.aspx page. The config forces authentication, which is
    carried out by ~/pub/login.aspx which has a standard asp:login control.

    I set up the default.aspx and login.aspx pages with
    EnableSessionState=False. Only authenticated pages have
    EnableSessionState=True. I did this so that unauthorised people/bots would
    not generate sessions. Each auth page has a LoginStatus control that allows
    the user to log out, which returns them to the login page.

    Everything seemed to be working ok but I thought I could improve things by
    issuing a Session.Abandon in the LoggedOut event handler. On logging out the
    user is at the login page. If they then enter their user name and password
    and try to login they get another instance of the login page. If they enter
    their details and try to log in again they finally get to the ~/auth/home
    page.

    I removed the Session.Abandon and I got the expected behaviour, ie redirect
    to the ~/auth/home the first time after entering the user name and password.

    Still with EnableSessionState=False I then changed the session time out to 1
    minute. If the user logs out and attempts to log back in straight away it
    works. However, if the user were to wait for over a minute before attempting
    to log back in the user gets two login screens.

    With EnableSessionState=True on the login page, abandoning the session does
    not cause a problem.

    To summarise; if the login page has EnableSessionState=False and the session
    has expired then the user has to login twice.

    Is there a way around this without enabling the session state?

    Cheers,
    Andrew
     
    =?Utf-8?B?RHVrZSAoQU4yNDcp?=, Sep 20, 2007
    #1
    1. Advertising

  2. Hi Andrew,

    Thanks for your detailed explanation, but I'm still having trouble to
    reproduce the issue on my side; especially following points:

    * You mentioned two login screens, are they all referring to
    ~/pub/login.aspx or you have another login page?

    Would you please send me a small project to demonstrate the issue? Thanks
    for the trouble.


    Regards,
    Walter Wang (, remove 'online.')
    Microsoft Online Community Support

    ==================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ==================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Walter Wang [MSFT], Sep 21, 2007
    #2
    1. Advertising

  3. RE: asp:login control - user prompted to log in twice if session d

    I created a test project and couldn't recreate it. Eventually I found some
    code which caught expired sessions. It signed the user out and then
    redirected them to the login page. The code was being run when logging in
    after a session abandon, hence the double login.

    Apologies for taking up your time on this Walter,
    Andrew
     
    =?Utf-8?B?RHVrZSAoQU4yNDcp?=, Sep 21, 2007
    #3
  4. RE: asp:login control - user prompted to log in twice if session d

    Hi Andrew,

    Thanks for your update.

    Have a good day.

    Regards,
    Walter Wang (, remove 'online.')
    Microsoft Online Community Support

    ==================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    ==================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Walter Wang [MSFT], Sep 24, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rod
    Replies:
    1
    Views:
    452
    Thomas Wenning
    Jan 26, 2005
  2. =?Utf-8?B?TmljayBaZHVuaWM=?=

    Disab;e selection of dropdownlist items (in a GridView)

    =?Utf-8?B?TmljayBaZHVuaWM=?=, Mar 29, 2006, in forum: ASP .Net
    Replies:
    4
    Views:
    3,937
    Flinky Wisty Pomm
    Mar 29, 2006
  3. Haobing
    Replies:
    1
    Views:
    1,075
    Haobing
    Dec 20, 2005
  4. Tom
    Replies:
    8
    Views:
    497
  5. Replies:
    0
    Views:
    147
Loading...

Share This Page