Detecting session time out in custom log in page

[Stephen Walch]

If I use the following in my web.config

<authentication mode="Forms"> <forms loginUrl="User/UserLogin.aspx"
timeout="10"/> </authentication>

then the page will time out after 10 minutes of inactivity and when the user
next tries to use the app they will see my custom login page. How, then,
can I code my login page to recognize that this is a timed out session
(rather than a new login) and display helpful information about the
situation?

Thanks in advance,

- Steve

 

[Jacob Yang [MSFT]]

Hi Stephen,

I have reviewed your issue. Due to the nature of your issue I need to do
additional research to determine the best way to provide assistance. I will
contact you as soon as possible.

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

 

[Lauchlan M]

I have reviewed your issue. Due to the nature of your issue I need to do

additional research

Jacob,

While you're onto this, could you also advise about the converse - how to
force a new SessionID and have it show up in the URL when operating in
cookieless mode (see thread "Ending sessions when running in cookieless
mode")?

Thanks!!

Lauchlan M

 

[MSFT]

Hi Steve,

The TimeOut attribute here only make sense when we use non-persistent
cookie for the form authentication. When it is timeout, the cookie has a
null value which is same as a new login. We can't decide from it.

Anyway, we may set a session variant when your user first logon, for
example, record the logon in time. This can be an evidence when we check if
it is a new login or get back from timeout.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)