formsauthentication timeout & session timeout

G

Guest

I'm using FormsAuthentication. If the session restarts, obviously the
session variables are cleared, but the security ticket is still active.
Since I use variables in the Session to determine what data is displayed on
the page (for example I store the username variable in Session and display
the users specific data), I need to have either the security ticket signed
out if/when the session restarts, so I can have the user sign in again, so
that I can get the user specific data and place it in the Session object.
Have I designed my application incorrectly?
If this is an acceptable design, what is the solution?
 
G

Guest

A couple things you can do...

1. If you are using the In-Process state server then you could probably put
your code in the Session_End event and log the user out. When using
out-of-process you don't have the Session_End event (it won't fire).

2. Or, you probably have the username or customer key in the
(HttpContext.Current.User.Identity.Name) value when you signed them in.

FormsAuthenticationTicket(1, username,
DateTime.Now,
DateTime.Now.AddMinutes(60),
false, string.Empty);

You can use this to re-locate the user data from your database and rebuild
the session.

HTH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

FormsAuthentication 2
Session Timeout 13
Session Timeout Security Risk? 2
Forms Authentication and session timeout 0
Timeout 5
Session Timeout 3
inconsistent timeout periods 1
FormsAuthentication redirect after timeout 2

Members online

Total: 31 (members: 1, guests: 30)
Robots: 226

Forum statistics

Threads
473,756
Messages
2,569,540
Members
45,025
Latest member
KetoRushACVFitness

Latest Threads

Top