FormsAuthentication doesn't redirect properly after timeout

Discussion in 'ASP .Net' started by Danny, Jun 17, 2004.

  1. Danny

    Danny Guest

    Hi there,

    I was wondering if anyone would be able to shed some light on the
    following behaviour for me.

    I have an application that is using Forms Authentication with
    non-persistent cookies, a forms timeout of 10 minutes, and a
    FormsAuthenticationTicket Expiration of 10 minutes. Almost everything is
    working as expected... when users try to enter restricted parts of the
    site they are redirected to the login.aspx page that I have specified in
    order to authenticate themselves. Once authenticated they are returned
    successfully to the originally requested page.

    (aside: I am able to do this using a call to
    Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserName.Text,
    false)); or FormsAuthentication.RedirectFromLoginPage(txtUserName.Text,
    false); - either method works.)

    If the timeout expires and the user then wishes to access some
    restricted content again, they are booted back to the login page
    (obviously, this is supposed to happen). The part that doesn't work as
    expected is as follows:

    After this timeout, once the user then successfully
    authenticates themself again they do not get redirected to the page they
    were trying for, instead they are redirected to default.aspx at the root
    of the application.

    I noticed that there is no ReturnUrl parameter present in the query
    string when redirected to the login page following an authentication
    timeout.

    Hope to hear from someone.

    Regards,

    Danny


    *** Sent via Devdex http://www.devdex.com ***
    Don't just participate in USENET...get rewarded for it!
    Danny, Jun 17, 2004
    #1
    1. Advertising

  2. Danny wrote:

    > Hi there,
    >
    > I was wondering if anyone would be able to shed some light on the
    > following behaviour for me.
    >
    > I have an application that is using Forms Authentication with
    > non-persistent cookies, a forms timeout of 10 minutes, and a
    > FormsAuthenticationTicket Expiration of 10 minutes. Almost everything is
    > working as expected... when users try to enter restricted parts of the
    > site they are redirected to the login.aspx page that I have specified in
    > order to authenticate themselves. Once authenticated they are returned
    > successfully to the originally requested page.
    >
    > (aside: I am able to do this using a call to
    > Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserName.Text,
    > false)); or FormsAuthentication.RedirectFromLoginPage(txtUserName.Text,
    > false); - either method works.)
    >
    > If the timeout expires and the user then wishes to access some
    > restricted content again, they are booted back to the login page
    > (obviously, this is supposed to happen). The part that doesn't work as
    > expected is as follows:
    >
    > After this timeout, once the user then successfully
    > authenticates themself again they do not get redirected to the page they
    > were trying for, instead they are redirected to default.aspx at the root
    > of the application.
    >
    > I noticed that there is no ReturnUrl parameter present in the query
    > string when redirected to the login page following an authentication
    > timeout.
    >
    > Hope to hear from someone.
    >
    > Regards,
    >
    > Danny
    >
    >
    > *** Sent via Devdex http://www.devdex.com ***
    > Don't just participate in USENET...get rewarded for it!


    Are they (the users) sometimes doing a postback after the timeout,
    instead of doing a GET for a page; is that the scenario that breaks?
    Could be that .NET doesn't populate ReturnUrl if it's a POST that is
    being done 'illegally', as it can't really 'put you back where you were'
    after logging back in. Now if you were clicking on a simple link (a
    GET), it knows it can put you back in that exact spot.

    Just a guess...

    --
    Craig Deelsnyder
    Microsoft MVP - ASP/ASP.NET
    Craig Deelsnyder, Jun 17, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?Q3JhaWc=?=

    formsauthentication timeout & session timeout

    =?Utf-8?B?Q3JhaWc=?=, Aug 10, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    2,644
    =?Utf-8?B?RU5JWklO?= .enizin.net>
    Aug 10, 2005
  2. =?Utf-8?B?c3Rzb25n?=

    1.x FormsAuthentication.GetRedirectUrl doesn't redirect

    =?Utf-8?B?c3Rzb25n?=, Apr 10, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    1,184
    =?Utf-8?B?c3Rzb25n?=
    Apr 10, 2006
  3. Replies:
    6
    Views:
    1,680
    Coskun SUNALI [MVP]
    Feb 6, 2008
  4. Replies:
    2
    Views:
    1,807
  5. Danny
    Replies:
    0
    Views:
    139
    Danny
    Jun 17, 2004
Loading...

Share This Page