Proper session timeout

N

No One

I have a web app that uses forms authentication. When sessions timeout,
the user is not automatically redirected to the login page. Instead,
they see an error message about object references not being set. These
errors occur in the C# code behind. I also have to manually redirect
users that are not logged in. Does ASP.Net support sessions properly
out of the box (I have the web.config set to use forms authentication)
or do I have to role my own Session checking scheme to get users to the
login page?
 
N

No One

No said:
I have a web app that uses forms authentication. When sessions timeout,
the user is not automatically redirected to the login page. Instead,
they see an error message about object references not being set. These
errors occur in the C# code behind. I also have to manually redirect
users that are not logged in. Does ASP.Net support sessions properly
out of the box (I have the web.config set to use forms authentication)
or do I have to role my own Session checking scheme to get users to the
login page?
Click to expand...

The interesting parts of my web.config file:

<authentication mode="Forms">
<forms name=".LoginForm" loginUrl="Login.aspx"
protection="All" timeout="30"/>
</authentication>

<machineKey validationKey="AutoGenerate"
decryptionKey="AutoGenerate" validation="SHA1"/>

<authorization>
<allow users="*"/>
</authorization>
 
P

Patrick Olurotimi Ige

If u check ur Web.Config..U will notice u have 20 minutes session
timeout my default!!
Try posting ur Web.config ..

Your Authentication element should like this and unauthenticated users
are suppose to be redirected to this page
<authentication mode="Forms">
<forms loginUrl="logon.aspx" name="adAuthCookie" timeout="2"
path="/" protection="All">
</forms>
</authentication>

Hope this helps.
Patrick
 
D

Daniel Ansari

The <forms> element in <authentication> section has a timeout attribute -
this is actually the timeout for the authentication ticket, and it sounds
like this is the one you've got set.

The session has a separate timeout specified in the <sessionState> element
in <system.web>.

This thing had me stumped for a long time.

Regards,
Daniel
 
N

No One

I have that too.

<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false" timeout="20"/>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Forms timeout, Session timeout 0
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Session Timeout isn't working correctly. 6
Session Timeout, not working 2
Questions About Session Timeout 4
Session Timeout 4
Session timeout 2
session timeout? 4

Members online

No members online now.
Total: 30 (members: 0, guests: 30)
Robots: 195

Forum statistics

Threads
473,774
Messages
2,569,598
Members
45,160
Latest member
CollinStri

Latest Threads

Top