Timeouts: session and authentication

mircu

Hi,
I need a quick solution to make my application behave correctly when one
of these timeouts occurs. I have some logic in session_start, but when
the authentication cookie times out the user is redirected to the login page,
and after a successful login the session is not started. I'd like to have
one timeout, and when it occurs the user must log in and then the new
session is started. TIA.

Regards,
mircu
 
Craig Deelsnyder

You have to watch out for when auth is OK, but session expires. This is
the really tricky situation. To check, just create a Session var of
your own when the session starts:

Session("tester") = 1

Then always test (on every page) whether that var is equal to 1; if not,
then you know the session has timed out. If needed, log them out of forms
auth and they have to log in again.

If auth timeout happens first (or perhaps when they are for some reason
redirected to the login page), just Abandon the session, since it seems
you want to restart it with their login.

Also, if possible, set the timeouts for each to the same values (auth
and session timeouts) to help alleviate the chance of this.
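
One way to wire up the checks described in the reply above, as an added example that is not part of the original thread. It assumes ASP.NET 2.0 or later with forms authentication; it sets the flag at sign-in rather than in Session_Start (Session_Start also runs for the replacement session and would set the flag again), and the helper names ResetOnLoginPage and SignIn are hypothetical.

```csharp
// Added illustration, not code from the thread: Global.asax.cs for a Web Forms
// app. Assumes <forms timeout> and <sessionState timeout> in web.config are set
// to the same number of minutes, as the reply suggests.
using System;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;

public class Global : HttpApplication
{
    // Session key used in the reply above.
    public const string SentinelKey = "tester";

    // Runs once session state is attached to the request (auto-wired by name).
    protected void Application_AcquireRequestState(object sender, EventArgs e)
    {
        HttpSessionState session = Context.Session; // null if the handler uses no session
        if (session == null || !Request.IsAuthenticated)
            return; // anonymous requests, including the login page, are not checked

        if (session[SentinelKey] == null)
        {
            // The auth ticket is still valid but the session it was issued with
            // is gone: drop the ticket so both lifetimes end together.
            FormsAuthentication.SignOut();
            session.Abandon();
            FormsAuthentication.RedirectToLoginPage();
            CompleteRequest(); // RedirectToLoginPage does not end the request itself
        }
    }

    // Hypothetical helper: call from the login page on the initial GET only
    // (not on postback), so a session left over from an expired ticket is
    // discarded before the user signs in again.
    public static void ResetOnLoginPage(HttpContext ctx)
    {
        if (ctx.Session != null)
            ctx.Session.Abandon();
    }

    // Hypothetical helper: call after the credentials have been verified.
    public static void SignIn(HttpContext ctx, string userName)
    {
        ctx.Session[SentinelKey] = 1; // marks this session as belonging to a login
        FormsAuthentication.RedirectFromLoginPage(userName, false);
    }
}
```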
 
mircu

Craig said:
> You have to watch out for when auth is OK, but session expires. This is
> the really tricky situation. To check, just create a Session var of
> your own when the session starts:
>
> Session("tester") = 1
>
> Then always test (on every page) whether that var is equal to 1; if not,
> then you know the session is timed out, if needed, log them out of forms
> auth and they have to login again.

Thank you. I did something similar already.

> If auth timeout happens first (or perhaps when they are for some reason
> redirected to the login page), just Abandon the session, since it seems
> you want to restart it with their login.

How to detect auth timeout? Check it on Application_BeginRequest?

After some investigation I've found something strange in the IIS logs.
10:21:46 127.0.0.1 GET /app/images/ 403
10:21:46 127.0.0.1 GET /app/images/ 403
10:21:46 127.0.0.1 GET /app/images/ 403
10:21:46 127.0.0.1 POST /app/MainWnd.aspx 302
10:21:46 127.0.0.1 QURRMEJFUUFBQUFVQUFBQUpGZ0FBQUFjQUFBQUhBQUFBRUJJQUFBQVFBQUFBQ1JjQUFBQUpCQUFBQUFrWkFBQUFEUTBCRXdBQUFB /app/Login.aspx 403

This is after the session or auth times out. Why does the login page get status
403? It should be shown correctly. And what is the string in the method
part of the logs (it looks like a session id)?

Regards,
mircu
 
