formsauthentication timeout & session timeout

Discussion in 'ASP .Net' started by Guest, Aug 10, 2005.

  1. Guest

    Guest Guest

    I'm using FormsAuthentication. If the session restarts, obviously the
    session variables are cleared, but the security ticket is still active.
    Since I use variables in the Session to determine what data is displayed on
    the page (for example I store the username variable in Session and display
    the users specific data), I need to have either the security ticket signed
    out if/when the session restarts, so I can have the user sign in again, so
    that I can get the user specific data and place it in the Session object.
    Have I designed my application incorrectly?
    If this is an acceptable design, what is the solution?
     
    Guest, Aug 10, 2005
    #1
    1. Advertisements

  2. Guest

    Guest Guest

    A couple things you can do...

    1. If you are using the In-Process state server then you could probably put
    your code in the Session_End event and log the user out. When using
    out-of-process you don't have the Session_End event (it won't fire).

    2. Or, you probably have the username or customer key in the
    (HttpContext.Current.User.Identity.Name) value when you signed them in.

    FormsAuthenticationTicket(1, username,
    DateTime.Now,
    DateTime.Now.AddMinutes(60),
    false, string.Empty);

    You can use this to re-locate the user data from your database and rebuild
    the session.

    HTH
     
    Guest, Aug 10, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.