What to do with Authentication/Session Timeout?

Discussion in 'ASP .Net' started by Simon Says, Nov 18, 2006.

  1. Simon Says

    Simon Says Guest

    Hi,

    I've a login page in which after authenticating it via the Oracle DB, I will
    stored the user information into the Session. However, when the Session
    timeout occurs, all of the user information will be lost.

    I've tried doing a Reponse.Redirect call back to my login page whenever I
    detected the Session is null, but I kept getting the exception saying "...
    Redirect not all in Page Callback".

    Could anyone give me some pointer how I should approach this issue.

    Thanks,
    Simon
    Simon Says, Nov 18, 2006
    #1
    1. Advertising

  2. Simon Says

    Mark Rae Guest

    "Simon Says" <> wrote in message
    news:...

    > I've a login page in which after authenticating it via the Oracle DB, I
    > will stored the user information into the Session. However, when the
    > Session timeout occurs, all of the user information will be lost.
    >
    > I've tried doing a Reponse.Redirect call back to my login page whenever I
    > detected the Session is null, but I kept getting the exception saying "...
    > Redirect not all in Page Callback".
    >
    > Could anyone give me some pointer how I should approach this issue.


    Have you tried Server.Transfer instead of Response.Redirect...?
    Mark Rae, Nov 18, 2006
    #2
    1. Advertising

  3. Simon Says

    Simon Says Guest

    Yes. Tried that and am still getting the same error message.

    I've alot of client side javascripting in my code. I placed my Redirect call
    in the Page_Load event in the .vb code. When the javascript code triggered
    the Redirect, I'll have the error. But, when I execute a server control
    event, like a clicking a button that do a postback, my Redirect works fine.

    --Simon


    "Mark Rae" <> wrote in message
    news:...
    > "Simon Says" <> wrote in message
    > news:...
    >
    >> I've a login page in which after authenticating it via the Oracle DB, I
    >> will stored the user information into the Session. However, when the
    >> Session timeout occurs, all of the user information will be lost.
    >>
    >> I've tried doing a Reponse.Redirect call back to my login page whenever I
    >> detected the Session is null, but I kept getting the exception saying
    >> "... Redirect not all in Page Callback".
    >>
    >> Could anyone give me some pointer how I should approach this issue.

    >
    > Have you tried Server.Transfer instead of Response.Redirect...?
    >
    Simon Says, Nov 18, 2006
    #3
  4. Simon Says

    Mark Rae Guest

    "Simon Says" <> wrote in message
    news:...

    > I've alot of client side javascripting in my code.


    OK.

    > I placed my Redirect call in the Page_Load event in the .vb code.


    Ah - that might explain it...Does your page have other Page events (e.g.
    Page_Init, Page_Prerender, Page_Unload etc)...

    I've encountered similar issues with Response.Redirect - e.g. if you place
    Response.Redirect in your Page_Init method, the Page_Load method will still
    fire, but if you use Server.Transfer, the transfer will happen
    immediately...

    > When the javascript code triggered the Redirect, I'll have the error.


    ??? What do you mean exactly - how is your client-side JavaScript making a
    call to Response.Redirect...?

    Generally speaking, I do all of this stuff in a base class which all pages
    inherit, or which the MasterPage(s) inherit(s):

    public class BaseMasterEvents : Page
    {
    public BaseMasterEvents()
    {
    this.PreInit += new EventHandler(BaseMaster_PreInit);
    }

    private void BaseMaster_PreInit(object sender, EventArgs e)
    {
    if (Session.IsNewSession)
    {
    Server.Transfer("~/sessionTimedOut.htm", false);
    }
    }
    }
    Mark Rae, Nov 18, 2006
    #4
  5. Simon Says

    Simon Says Guest

    Yes. My page does has Page_init, and Page_Load events.

    I'm working with some controls with AJAX functionality. Basically the tree
    node click, in AJAX, will invoke a grid event in the server side to query
    from DB, and display out the results ... all without having the page to
    refresh. But, the page events still follows as if it's a postback action.So
    .... when I do a tree node click, it will
    1. Page_init
    2. Page_load
    3. grid_InitializeDataSource (this query the DB)
    4. Page_init
    5. Page_load

    I've placed my session checking in the Page_Init event, and tried both
    Redirect and Server.Transfer; and both giving me the same exception. I've
    also tried your suggestion and do it in my master page PreInit event, and
    I'm also getting the same exception.

    I got desparate and tried ClientScript.RegisterStartUpScript to do a
    "window.location.replace(login.aspx)" and it too doesn't do anything.

    --Simon


    "Mark Rae" <> wrote in message
    news:Op59$...
    > "Simon Says" <> wrote in message
    > news:...
    >
    >> I've alot of client side javascripting in my code.

    >
    > OK.
    >
    >> I placed my Redirect call in the Page_Load event in the .vb code.

    >
    > Ah - that might explain it...Does your page have other Page events (e.g.
    > Page_Init, Page_Prerender, Page_Unload etc)...
    >
    > I've encountered similar issues with Response.Redirect - e.g. if you place
    > Response.Redirect in your Page_Init method, the Page_Load method will
    > still fire, but if you use Server.Transfer, the transfer will happen
    > immediately...
    >
    >> When the javascript code triggered the Redirect, I'll have the error.

    >
    > ??? What do you mean exactly - how is your client-side JavaScript making a
    > call to Response.Redirect...?
    >
    > Generally speaking, I do all of this stuff in a base class which all pages
    > inherit, or which the MasterPage(s) inherit(s):
    >
    > public class BaseMasterEvents : Page
    > {
    > public BaseMasterEvents()
    > {
    > this.PreInit += new EventHandler(BaseMaster_PreInit);
    > }
    >
    > private void BaseMaster_PreInit(object sender, EventArgs e)
    > {
    > if (Session.IsNewSession)
    > {
    > Server.Transfer("~/sessionTimedOut.htm", false);
    > }
    > }
    > }
    >
    >
    >
    Simon Says, Nov 18, 2006
    #5
  6. Simon Says

    Mat Guest

    why dont you increase the timeout in web.config?

    "Simon Says" <> wrote in message
    news:...
    > Hi,
    >
    > I've a login page in which after authenticating it via the Oracle DB, I
    > will stored the user information into the Session. However, when the
    > Session timeout occurs, all of the user information will be lost.
    >
    > I've tried doing a Reponse.Redirect call back to my login page whenever I
    > detected the Session is null, but I kept getting the exception saying "...
    > Redirect not all in Page Callback".
    >
    > Could anyone give me some pointer how I should approach this issue.
    >
    > Thanks,
    > Simon
    >
    Mat, Nov 18, 2006
    #6
  7. Simon Says

    Mark Rae Guest

    "Simon Says" <> wrote in message
    news:%...

    > Yes. My page does has Page_init, and Page_Load events.


    Ah...

    > I'm working with some controls with AJAX functionality. Basically the tree
    > node click, in AJAX, will invoke a grid event in the server side to query
    > from DB, and display out the results ... all without having the page to
    > refresh. But, the page events still follows as if it's a postback
    > action.So ... when I do a tree node click, it will
    > 1. Page_init
    > 2. Page_load
    > 3. grid_InitializeDataSource (this query the DB)
    > 4. Page_init
    > 5. Page_load


    You appear to be loading the page twice - why do steps 4 and 5 occur?

    > I've placed my session checking in the Page_Init event, and tried both
    > Redirect and Server.Transfer; and both giving me the same exception. I've
    > also tried your suggestion and do it in my master page PreInit event, and
    > I'm also getting the same exception.


    Hmm - MasterPages don't have a PreInit event, so I'm assuming you're doing
    the same Page inheritance stuff as I am...

    I'm starting to run out of ideas now...
    Mark Rae, Nov 18, 2006
    #7
  8. Simon Says

    Mark Rae Guest

    "Mat" <> wrote in message
    news:xoD7h.75254$...

    > why dont you increase the timeout in web.config?


    ROTFLMAO!!!

    When you get a warning light in your car, do you just do the Homer Simpson
    fix by putting a strip of tape over it...?
    Mark Rae, Nov 18, 2006
    #8
  9. Simon Says

    Simon Says Guest

    Well ... coz my boss disagree to it :)

    I'm using a longer timeout for a temp. fix now, but ... the site just feels
    more professional if it can re-direct whenever the timeout occurs.

    "Mat" <> wrote in message
    news:xoD7h.75254$...
    > why dont you increase the timeout in web.config?
    >
    > "Simon Says" <> wrote in message
    > news:...
    >> Hi,
    >>
    >> I've a login page in which after authenticating it via the Oracle DB, I
    >> will stored the user information into the Session. However, when the
    >> Session timeout occurs, all of the user information will be lost.
    >>
    >> I've tried doing a Reponse.Redirect call back to my login page whenever I
    >> detected the Session is null, but I kept getting the exception saying
    >> "... Redirect not all in Page Callback".
    >>
    >> Could anyone give me some pointer how I should approach this issue.
    >>
    >> Thanks,
    >> Simon
    >>

    >
    >
    Simon Says, Nov 18, 2006
    #9
  10. Hi,

    Simon Says wrote:

    > I've a login page in which after authenticating it via the Oracle DB, I will
    > stored the user information into the Session. However, when the Session
    > timeout occurs, all of the user information will be lost.
    >
    > I've tried doing a Reponse.Redirect call back to my login page whenever I
    > detected the Session is null, but I kept getting the exception saying "...
    > Redirect not all in Page Callback".


    maybe I misunderstand something, but have you tried something like:

    If Session("User") Is Nothing then
    FormsAuthentication.SignOut()
    FormsAuthentication.RedirectToLoginPage()
    Return
    End If

    Cheers,
    Olaf
    --
    My .02: www.Resources.IntuiDev.com
    Olaf Rabbachin, Nov 18, 2006
    #10
  11. Simon Says

    Simon Says Guest

    I think step 4 and 5 occurs coz the initializeDataSource event. In step 3, I
    got the dataset and stored it in the Cache, then in Step5, I assigned the
    dataset from the Cache and blind it to my grid.

    Ya ... I've the PreInit in the child page; not in the master page.

    Man ... this web development thinggy is not as easy as I though. Thanks for
    all your ideas though.


    "Mark Rae" <> wrote in message
    news:...
    > "Simon Says" <> wrote in message
    > news:%...
    >
    >> Yes. My page does has Page_init, and Page_Load events.

    >
    > Ah...
    >
    >> I'm working with some controls with AJAX functionality. Basically the
    >> tree node click, in AJAX, will invoke a grid event in the server side to
    >> query from DB, and display out the results ... all without having the
    >> page to refresh. But, the page events still follows as if it's a postback
    >> action.So ... when I do a tree node click, it will
    >> 1. Page_init
    >> 2. Page_load
    >> 3. grid_InitializeDataSource (this query the DB)
    >> 4. Page_init
    >> 5. Page_load

    >
    > You appear to be loading the page twice - why do steps 4 and 5 occur?
    >
    >> I've placed my session checking in the Page_Init event, and tried both
    >> Redirect and Server.Transfer; and both giving me the same exception. I've
    >> also tried your suggestion and do it in my master page PreInit event, and
    >> I'm also getting the same exception.

    >
    > Hmm - MasterPages don't have a PreInit event, so I'm assuming you're doing
    > the same Page inheritance stuff as I am...
    >
    > I'm starting to run out of ideas now...
    >
    Simon Says, Nov 18, 2006
    #11
  12. Simon Says

    Mark Rae Guest

    "Simon Says" <> wrote in message
    news:...

    >I think step 4 and 5 occurs coz the initializeDataSource event.


    Nope - something is causing your page to load twice...

    > In step 3, I got the dataset and stored it in the Cache, then in Step5, I
    > assigned the dataset from the Cache and blind it to my grid.


    That's surely not right...you must be loading the page twice...

    Why do you need to store the dataset in Cache?
    Mark Rae, Nov 18, 2006
    #12
  13. re:
    > Man ... this web development thinggy is not as easy as I though.


    I have to chuckle a bit at that. We *all* went through that phase.

    Don't let it faze you.

    A correct assessment of the difficulties involved in learning
    anything is often the first step towards mastering a subject.

    The worst thing anybody could do is underestimate a challenge.

    Take things one day at a time.
    Solve today's problem's today, and let tomorrow's problems be solved tomorrow.

    Carry on. You'll do fine with your kind of attitude.




    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ===================================
    "Simon Says" <> wrote in message news:...
    >I think step 4 and 5 occurs coz the initializeDataSource event. In step 3, I got the dataset and
    >stored it in the Cache, then in Step5, I assigned the dataset from the Cache and blind it to my
    >grid.
    >
    > Ya ... I've the PreInit in the child page; not in the master page.
    >
    > Man ... this web development thinggy is not as easy as I though. Thanks for all your ideas though.
    >
    >
    > "Mark Rae" <> wrote in message news:...
    >> "Simon Says" <> wrote in message
    >> news:%...
    >>
    >>> Yes. My page does has Page_init, and Page_Load events.

    >>
    >> Ah...
    >>
    >>> I'm working with some controls with AJAX functionality. Basically the tree node click, in AJAX,
    >>> will invoke a grid event in the server side to query from DB, and display out the results ...
    >>> all without having the page to refresh. But, the page events still follows as if it's a postback
    >>> action.So ... when I do a tree node click, it will
    >>> 1. Page_init
    >>> 2. Page_load
    >>> 3. grid_InitializeDataSource (this query the DB)
    >>> 4. Page_init
    >>> 5. Page_load

    >>
    >> You appear to be loading the page twice - why do steps 4 and 5 occur?
    >>
    >>> I've placed my session checking in the Page_Init event, and tried both Redirect and
    >>> Server.Transfer; and both giving me the same exception. I've also tried your suggestion and do
    >>> it in my master page PreInit event, and I'm also getting the same exception.

    >>
    >> Hmm - MasterPages don't have a PreInit event, so I'm assuming you're doing the same Page
    >> inheritance stuff as I am...
    >>
    >> I'm starting to run out of ideas now...
    >>

    >
    >
    Juan T. Llibre, Nov 18, 2006
    #13
  14. Simon Says

    Simon Says Guest

    Well ... even if it load twice ... in the 1st Load or Init, my Redirect or
    Server.Transfer should work; but they are giving me the same Callback
    exception. Right?

    Sorry ... I use the Session to store my dataset, not the Cache. The reason
    I'm storing it is because if the dataset already exist, I'll not requery the
    DB again.


    "Mark Rae" <> wrote in message
    news:...
    > "Simon Says" <> wrote in message
    > news:...
    >
    >>I think step 4 and 5 occurs coz the initializeDataSource event.

    >
    > Nope - something is causing your page to load twice...
    >
    >> In step 3, I got the dataset and stored it in the Cache, then in Step5, I
    >> assigned the dataset from the Cache and blind it to my grid.

    >
    > That's surely not right...you must be loading the page twice...
    >
    > Why do you need to store the dataset in Cache?
    >
    Simon Says, Nov 18, 2006
    #14
  15. Simon Says

    Simon Says Guest

    Thanks for the encourgement Juan. It's just that working on the weekend
    makes me a little cranky :)

    "Juan T. Llibre" <> wrote in message
    news:...
    > re:
    >> Man ... this web development thinggy is not as easy as I though.

    >
    > I have to chuckle a bit at that. We *all* went through that phase.
    >
    > Don't let it faze you.
    >
    > A correct assessment of the difficulties involved in learning
    > anything is often the first step towards mastering a subject.
    >
    > The worst thing anybody could do is underestimate a challenge.
    >
    > Take things one day at a time.
    > Solve today's problem's today, and let tomorrow's problems be solved
    > tomorrow.
    >
    > Carry on. You'll do fine with your kind of attitude.
    >
    >
    >
    >
    > Juan T. Llibre, asp.net MVP
    > asp.net faq : http://asp.net.do/faq/
    > foros de asp.net, en español : http://asp.net.do/foros/
    > ===================================
    > "Simon Says" <> wrote in message
    > news:...
    >>I think step 4 and 5 occurs coz the initializeDataSource event. In step 3,
    >>I got the dataset and stored it in the Cache, then in Step5, I assigned
    >>the dataset from the Cache and blind it to my grid.
    >>
    >> Ya ... I've the PreInit in the child page; not in the master page.
    >>
    >> Man ... this web development thinggy is not as easy as I though. Thanks
    >> for all your ideas though.
    >>
    >>
    >> "Mark Rae" <> wrote in message
    >> news:...
    >>> "Simon Says" <> wrote in message
    >>> news:%...
    >>>
    >>>> Yes. My page does has Page_init, and Page_Load events.
    >>>
    >>> Ah...
    >>>
    >>>> I'm working with some controls with AJAX functionality. Basically the
    >>>> tree node click, in AJAX, will invoke a grid event in the server side
    >>>> to query from DB, and display out the results ... all without having
    >>>> the page to refresh. But, the page events still follows as if it's a
    >>>> postback action.So ... when I do a tree node click, it will
    >>>> 1. Page_init
    >>>> 2. Page_load
    >>>> 3. grid_InitializeDataSource (this query the DB)
    >>>> 4. Page_init
    >>>> 5. Page_load
    >>>
    >>> You appear to be loading the page twice - why do steps 4 and 5 occur?
    >>>
    >>>> I've placed my session checking in the Page_Init event, and tried both
    >>>> Redirect and Server.Transfer; and both giving me the same exception.
    >>>> I've also tried your suggestion and do it in my master page PreInit
    >>>> event, and I'm also getting the same exception.
    >>>
    >>> Hmm - MasterPages don't have a PreInit event, so I'm assuming you're
    >>> doing the same Page inheritance stuff as I am...
    >>>
    >>> I'm starting to run out of ideas now...
    >>>

    >>
    >>

    >
    >
    Simon Says, Nov 18, 2006
    #15
  16. Simon Says

    Simon Says Guest

    Yes. I've tried that too, and it also gives me the same Callback exception.
    I tried, in my web.config, to have the following statement ...

    <authentication mode="Forms">
    <forms loginUrl="login.aspx" timeout="10" />
    </authentication>

    When timeout occurs, the page still doesn't redirect itself to the login
    page. However, I tried adding in a button that does nothing, and when time
    out occurs, clicking on the button will triggers a postback in which it will
    redirect to the login page. This is the closest I got, but it doesn't solve
    my problem because in my website, in most cases, the session will timeout
    when user does a AJAX/javascript/client-side action (like a tree node
    click).


    "Olaf Rabbachin" <> wrote in message
    news:...
    > Hi,
    >
    > Simon Says wrote:
    >
    >> I've a login page in which after authenticating it via the Oracle DB, I
    >> will
    >> stored the user information into the Session. However, when the Session
    >> timeout occurs, all of the user information will be lost.
    >>
    >> I've tried doing a Reponse.Redirect call back to my login page whenever I
    >> detected the Session is null, but I kept getting the exception saying
    >> "...
    >> Redirect not all in Page Callback".

    >
    > maybe I misunderstand something, but have you tried something like:
    >
    > If Session("User") Is Nothing then
    > FormsAuthentication.SignOut()
    > FormsAuthentication.RedirectToLoginPage()
    > Return
    > End If
    >
    > Cheers,
    > Olaf
    > --
    > My .02: www.Resources.IntuiDev.com
    Simon Says, Nov 18, 2006
    #16
  17. Simon Says

    Mark Rae Guest

    "Simon Says" <> wrote in message
    news:...

    > Well ... even if it load twice ... in the 1st Load or Init, my Redirect or
    > Server.Transfer should work; but they are giving me the same Callback
    > exception. Right?


    Without knowing why it's failing, it's impossible to say... However, there
    really should be no need for the page to be loading twice - that should
    certainly be addressed...

    > Sorry ... I use the Session to store my dataset, not the Cache.


    Aha - think we might be getting somewhere now...

    You're persisting a dataset in Session, which is fine for data which
    (almost) never changes, but your app is failing when the Session times out.

    Could it possibly be that your page is trying to reference the dataset held
    in Session BEFORE it determines that the Session has timed out...?
    Mark Rae, Nov 18, 2006
    #17
  18. Simon Says

    Simon Says Guest

    Nope ... I have my checking in the very 1st line, therefore, if there's a
    session timeout, it will never reach to the line where it's referencing the
    dataset in the Session.


    "Mark Rae" <> wrote in message
    news:%...
    > "Simon Says" <> wrote in message
    > news:...
    >
    >> Well ... even if it load twice ... in the 1st Load or Init, my Redirect
    >> or Server.Transfer should work; but they are giving me the same Callback
    >> exception. Right?

    >
    > Without knowing why it's failing, it's impossible to say... However, there
    > really should be no need for the page to be loading twice - that should
    > certainly be addressed...
    >
    >> Sorry ... I use the Session to store my dataset, not the Cache.

    >
    > Aha - think we might be getting somewhere now...
    >
    > You're persisting a dataset in Session, which is fine for data which
    > (almost) never changes, but your app is failing when the Session times
    > out.
    >
    > Could it possibly be that your page is trying to reference the dataset
    > held in Session BEFORE it determines that the Session has timed out...?
    >
    Simon Says, Nov 18, 2006
    #18
  19. Hi,

    Juan T. Llibre wrote:

    >> Man ... this web development thinggy is not as easy as I though.

    >
    > I have to chuckle a bit at that. We *all* went through that phase.
    > [...]
    > Carry on. You'll do fine with your kind of attitude.


    thanks from me as well - guess Simon and me are in the same boat (and no
    shore in sight yet :) ... But hey, apart from all the hassle I'm still
    having lots of fun with it, and learning something new every day isn't bad
    either.

    Cheers,
    Olaf
    --
    My .02: www.Resources.IntuiDev.com
    Olaf Rabbachin, Nov 18, 2006
    #19
  20. Hi,

    Simon Says wrote:

    > Yes. I've tried that too, and it also gives me the same Callback exception.
    > I tried, in my web.config, to have the following statement ...
    >
    > <authentication mode="Forms">
    > <forms loginUrl="login.aspx" timeout="10" />
    > </authentication>
    >
    > When timeout occurs, the page still doesn't redirect itself to the login
    > page. However, I tried adding in a button that does nothing, and when time
    > out occurs, clicking on the button will triggers a postback in which it will
    > redirect to the login page. This is the closest I got, but it doesn't solve
    > my problem because in my website, in most cases, the session will timeout
    > when user does a AJAX/javascript/client-side action (like a tree node
    > click).


    hmm. I haven't ever (which isn't all that long anyway) used a
    timeout-attribute within the authentication-tag. In my web.config, I'm
    setting the timeout within my sessionState-tag, as in:
    <sessionState mode="InProc" timeout="20"/>
    As an alternative, you might also set the timeout for your application
    within your website's IIS-settings. But I guess that won't make any
    difference ...

    Cheers,
    Olaf
    --
    My .02: www.Resources.IntuiDev.com
    Olaf Rabbachin, Nov 18, 2006
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Do
    Replies:
    2
    Views:
    6,361
  2. bruce barker

    Re: ASPX Page Timeout - Session Timeout

    bruce barker, Jul 20, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    11,109
    ASP.Confused
    Jul 20, 2004
  3. =?Utf-8?B?Q3JhaWc=?=

    formsauthentication timeout & session timeout

    =?Utf-8?B?Q3JhaWc=?=, Aug 10, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    2,641
    =?Utf-8?B?RU5JWklO?= .enizin.net>
    Aug 10, 2005
  4. =?Utf-8?B?Um9iSEs=?=
    Replies:
    4
    Views:
    5,267
    =?Utf-8?B?Um9iSEs=?=
    Apr 11, 2007
  5. Mark Probert

    Timeout::timeout and Socket timeout

    Mark Probert, Oct 6, 2004, in forum: Ruby
    Replies:
    1
    Views:
    1,279
    Brian Candler
    Oct 6, 2004
Loading...

Share This Page