S
Sulaiman
Usually, when the Session State has expired, the user is redirected into a
login page or an error page saying that they need to reauthenticate. This can
be done by adding refresh response for every request that get sent to the web
application.
Say something like
Refresh 1200 Http://CheckAuth.aspx
And the CheckAuth.aspx will check whether the assigned cookies is still
valid and if not they will redirect into the right page.
The problem with this kind of method is that a nasty user can modify the
refresh response to say 120000 make it the redirection ineffective (although
I realised that session state is maintained in the server - so even after 20
minutes (1200) the client still need to reauthenthicate...)
So I was wondering, is it possible get response from the server? So say
after 20 minutes, the server send a request to redirect the user into a right
page instead of embedded it on "Refresh" tag on the response traffic when the
client request for something.
login page or an error page saying that they need to reauthenticate. This can
be done by adding refresh response for every request that get sent to the web
application.
Say something like
Refresh 1200 Http://CheckAuth.aspx
And the CheckAuth.aspx will check whether the assigned cookies is still
valid and if not they will redirect into the right page.
The problem with this kind of method is that a nasty user can modify the
refresh response to say 120000 make it the redirection ineffective (although
I realised that session state is maintained in the server - so even after 20
minutes (1200) the client still need to reauthenthicate...)
So I was wondering, is it possible get response from the server? So say
after 20 minutes, the server send a request to redirect the user into a right
page instead of embedded it on "Refresh" tag on the response traffic when the
client request for something.