forms authentication -- expired forms cookie vs. not provided forms cookie

E

Eric

I want my users to get a login page if they forms cookie is not present, but
if the forms cookie is present and expired, I want them to get a timeout
page. Is this possible with forms authentication?
 
D

Dominick Baier [DevelopMentor]

Hi,

i don't know any programmatic way to distinguish between these two states.
no.
 
E

Eric

Thank you for a quick reply. I was able to kind of "fake" forms
authentication based on existence of ReturnUrl in the query string. I put
code in the Application_AuthenticateRequest() event where if request is not
authenticated but the ReturnUrl is present in the query string, I attempt to
decrypt the forms cookie. If cookie exists and I'm able to decrypt it, I then
check if it's expired. If it's expired, I redirect to the timeout page. If
I'm already logged in and after letting forms cookie to expire I attempt to
load the page that requires non-authenticated user, forms authentication will
redirect me to the login page with ReturnUrl, which is what I look for in the
Application_AuthenticateRequest. Looks like it's working, but I'm not sure if
it's the best solution.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,733
Messages
2,569,440
Members
44,831
Latest member
HealthSmartketoReviews

Latest Threads

Top