how to sign out forms authentication on session end

Discussion in 'ASP .Net Security' started by Dominick Baier, Oct 11, 2006.

  1. You could handle the Session_End event in global.asax (this works only for
    inproc sessions) and call FormsAuthentication.SignOut()

    Also sync the forms and session cookie timeout.

    I know that SignOut has issues but for what you want to achieve this should
    work.

    ---
    Dominick Baier, DevelopMentor
    http://www.leastprivilege.com

    > I will keep this short and sweet.
    > I am using the default session (inproc) and forms authentication.
    > When a user looses session (for whatever reason) I want that to cause
    > them
    > to loose forms authentication also. I want them to be sent to the
    > forms
    > authentication login screen when they loose their session.
    > I've poked at it a few different ways, but the fact that I really
    > don't know
    > how to do this properly is keeping it from working correctly. The
    > closest
    > I've gotten is to put logic in my base page class, that most pages
    > inherit
    > from, that checks the session and manually kills forms authentication
    > when
    > the page loads
     
    Dominick Baier, Oct 11, 2006
    #1
    1. Advertising

  2. Dominick Baier

    JohnDeHope3 Guest

    I will keep this short and sweet.
    I am using the default session (inproc) and forms authentication.
    When a user looses session (for whatever reason) I want that to cause them
    to loose forms authentication also. I want them to be sent to the forms
    authentication login screen when they loose their session.
    I've poked at it a few different ways, but the fact that I really don't know
    how to do this properly is keeping it from working correctly. The closest
    I've gotten is to put logic in my base page class, that most pages inherit
    from, that checks the session and manually kills forms authentication when
    the page loads.
     
    JohnDeHope3, Oct 11, 2006
    #2
    1. Advertising

  3. Dominick Baier

    JohnDeHope3 Guest

    "You could handle the Session_End event in global.asax (this works only for
    inproc sessions) and call FormsAuthentication.SignOut()"
    Surprisingly this did nothing at all. I also tries doing the same thing in
    Session.Start, but again it did nothing.

    "Also sync the forms and session cookie timeout."
    This only solves the problem when the session times out. I also want to
    handle it when the session is lost for other reasons too. Also such
    coordination is shaky at best, the two (session and authentication) aren't
    actually synchronized, they just kind of appear to be. I want to *know* that
    the authentication will be lost when the session is.
     
    JohnDeHope3, Oct 11, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,488
    Tommy
    Feb 13, 2004
  2. Keith Selbee

    How to sign out using forms authentication?

    Keith Selbee, May 15, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    433
    Mike McIntyre [MVP]
    May 15, 2004
  3. Phil Winstanley [Microsoft MVP]

    Re: How to sign out using forms authentication?

    Phil Winstanley [Microsoft MVP], May 15, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    2,123
    clintonG
    May 15, 2004
  4. jct

    Forms Authentication - Single Sign-On

    jct, Jan 18, 2005, in forum: ASP .Net Security
    Replies:
    0
    Views:
    168
  5. Eric
    Replies:
    2
    Views:
    547
Loading...

Share This Page