M
Marcio Kleemann
I'm using FormsAuthentication for an asp.net app. I would like the user to
be re-authenticated (redirected to the login page) if there is not activity
after a certain period of time. So I'm using Session.Timeout to set a
timeout period, and on Session_End() I call FormsAuthentication.SignOut.
My main problem is that after SignOut, the re-authentication does not
occur - I can still access the pages of the app as if I'm still
authenticated. Another interesting thing is that in Session_End I also
called Session.Clear(), but when the page posts back it can still access the
values that were previously stored in session variables. It's as if the
session never expired and the variables did not get cleared. I have a
breakpoint on Session_End, so I know that those functions are being called.
I'm new to this, so I'm wondering what I might be doing wrong. I'd
appreciate pointing me in the right direction, or to articles that go over
this in more detail.
Thanks
be re-authenticated (redirected to the login page) if there is not activity
after a certain period of time. So I'm using Session.Timeout to set a
timeout period, and on Session_End() I call FormsAuthentication.SignOut.
My main problem is that after SignOut, the re-authentication does not
occur - I can still access the pages of the app as if I'm still
authenticated. Another interesting thing is that in Session_End I also
called Session.Clear(), but when the page posts back it can still access the
values that were previously stored in session variables. It's as if the
session never expired and the variables did not get cleared. I have a
breakpoint on Session_End, so I know that those functions are being called.
I'm new to this, so I'm wondering what I might be doing wrong. I'd
appreciate pointing me in the right direction, or to articles that go over
this in more detail.
Thanks