Detecting session time out in custom log in page

Discussion in 'ASP .Net Security' started by Stephen Walch, Oct 6, 2003.

  1. If I use the following in my web.config

    <authentication mode="Forms"> <forms loginUrl="User/UserLogin.aspx"
    timeout="10"/> </authentication>

    then the page will time out after 10 minutes of inactivity and when the user
    next tries to use the app they will see my custom login page. How, then,
    can I code my login page to recognize that this is a timed out session
    (rather than a new login) and display helpful information about the
    situation?

    Thanks in advance,

    - Steve
     
    Stephen Walch, Oct 6, 2003
    #1
    1. Advertising

  2. Hi Stephen,

    I have reviewed your issue. Due to the nature of your issue I need to do
    additional research to determine the best way to provide assistance. I will
    contact you as soon as possible.

    Best regards,

    Jacob Yang
    Microsoft Online Partner Support
    Get Secure! ┬ĘC www.microsoft.com/security
    This posting is provided "as is" with no warranties and confers no rights.
     
    Jacob Yang [MSFT], Oct 7, 2003
    #2
    1. Advertising

  3. Stephen Walch

    Lauchlan M Guest

    > I have reviewed your issue. Due to the nature of your issue I need to do
    > additional research


    Jacob,

    While you're onto this, could you also advise about the converse - how to
    force a new SessionID and have it show up in the URL when operating in
    cookieless mode (see thread "Ending sessions when running in cookieless
    mode")?

    Thanks!!

    Lauchlan M
     
    Lauchlan M, Oct 7, 2003
    #3
  4. Stephen Walch

    MSFT Guest

    Hi Steve,

    The TimeOut attribute here only make sense when we use non-persistent
    cookie for the form authentication. When it is timeout, the cookie has a
    null value which is same as a new login. We can't decide from it.

    Anyway, we may set a session variant when your user first logon, for
    example, record the logon in time. This can be an evidence when we check if
    it is a new login or get back from timeout.

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    MSFT, Oct 8, 2003
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. sunkrajesh
    Replies:
    0
    Views:
    369
    sunkrajesh
    May 31, 2009
  2. Jazzis
    Replies:
    2
    Views:
    279
    Jazzis
    Sep 23, 2003
  3. J
    Replies:
    2
    Views:
    711
  4. Leena Jethwa

    Create a log-in & log-out page

    Leena Jethwa, May 1, 2009, in forum: Ruby
    Replies:
    2
    Views:
    115
    Mike Stephens
    May 1, 2009
  5. Jayesh Kamdar
    Replies:
    2
    Views:
    169
    Gunnar Hjalmarsson
    May 25, 2005
Loading...

Share This Page