Session not ending?

Discussion in 'ASP .Net' started by Fabio Cavassini, Jan 18, 2006.

  1. I've got the following configuration in Web.config

    <authentication mode="Forms">
    <forms name=".ASPXCOOKIE" loginUrl="sigin.aspx" protection="All"
    timeout="30" path="/">
    </forms>
    </authentication>
    <authorization>
    <deny users="?" />
    </authorization>

    When I first try to get a page from the application (let's say ot.aspx)
    it redirects to the sigin.aspx page.

    Once logged I execute Session.Abandon

    Now, I can get the "ot.aspx" page again without having to sig in

    It would only ask me again to sigin until I close the browser, wht?

    Best Regards
    Fabio Cavassini
    http://www.pldsa.com
     
    Fabio Cavassini, Jan 18, 2006
    #1
    1. Advertising

  2. On your logout routine, redirect the person to a page. The session.abandon is
    not complete on the client side until you ask for another page, as it has to
    send a new session cookie (server cookie) to your browser. Until that point
    in time, you are still "authenticated".

    As a safety measure, you can add a handler that ensures only active
    credentials can access anything and, possibly, expire pages so the user, at
    best, gets those ugly "page no longer valid" pages.

    --
    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA

    ***************************
    Think Outside the Box!
    ***************************


    "Fabio Cavassini" wrote:

    >
    > I've got the following configuration in Web.config
    >
    > <authentication mode="Forms">
    > <forms name=".ASPXCOOKIE" loginUrl="sigin.aspx" protection="All"
    > timeout="30" path="/">
    > </forms>
    > </authentication>
    > <authorization>
    > <deny users="?" />
    > </authorization>
    >
    > When I first try to get a page from the application (let's say ot.aspx)
    > it redirects to the sigin.aspx page.
    >
    > Once logged I execute Session.Abandon
    >
    > Now, I can get the "ot.aspx" page again without having to sig in
    >
    > It would only ask me again to sigin until I close the browser, wht?
    >
    > Best Regards
    > Fabio Cavassini
    > http://www.pldsa.com
    >
    >
     
    =?Utf-8?B?Q293Ym95IChHcmVnb3J5IEEuIEJlYW1lcikgLSBN, Jan 18, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Thomas Bindzau

    Re: ASPNET Session ending before time

    Thomas Bindzau, Jun 24, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    1,401
    Thomas Bindzau
    Jun 24, 2003
  2. =?Utf-8?B?RG9uYWxkIFNjb3R0?=

    Session ending prematurely - Forms Authentication

    =?Utf-8?B?RG9uYWxkIFNjb3R0?=, Jul 15, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    546
    =?Utf-8?B?RG9uYWxkIFNjb3R0?=
    Jul 20, 2005
  3. Mohun Biswas
    Replies:
    2
    Views:
    591
    Mohun Biswas
    Apr 15, 2004
  4. sarav

    ending a session in servlet

    sarav, Mar 19, 2006, in forum: Java
    Replies:
    1
    Views:
    493
    Andrea Desole
    Mar 20, 2006
  5. Big Daddy
    Replies:
    2
    Views:
    413
    Laurent Bugnion
    May 8, 2006
Loading...

Share This Page