Hi,
I have an asp.net web app whereby I authenticate the user with Forms
Authentication and store details about him in the session. I want to be able
to catch an event when the users authentication period expires but I can't
see any way to do this.
Currently I have set the forms authentication expiry shorter than the
session expiry because I don't want a user logged in if his session details
are invalid. I was thinking of setting the two timeouts to the same thing,
then I could catch the session_end event. However, to avoid the race
condition of having session_end happen before the forms authentication
timeout, I would want to force the user to get logged off in the session_end
event, but calling FormsAuthentica tion.SignOut() in the session_end event
would presumably not work. It's not really clear to me how the static
methods in FormsAuthentica tion get their context (i.e. when calling
SignOut() how does it know which user to sign out?)
It seems to me that most people using forms authentication would want to tie
the session period in with the authenticated period and avoiding all the
race conditions - has anyone found a sensible way to do this.
Andy 1 1676
as my experiences , if user's request is Authenticated, the user session
will never timeout, i dont why this happen too
"Andy Fish" <aj****@blueyon der.co.uk> дÈëÏûÏ¢ÐÂÎÅ
:ge************ *********@news-text.cableinet. net... Hi,
I have an asp.net web app whereby I authenticate the user with Forms Authentication and store details about him in the session. I want to be
able to catch an event when the users authentication period expires but I can't see any way to do this.
Currently I have set the forms authentication expiry shorter than the session expiry because I don't want a user logged in if his session
details are invalid. I was thinking of setting the two timeouts to the same thing, then I could catch the session_end event. However, to avoid the race condition of having session_end happen before the forms authentication timeout, I would want to force the user to get logged off in the
session_end event, but calling FormsAuthentica tion.SignOut() in the session_end event would presumably not work. It's not really clear to me how the static methods in FormsAuthentica tion get their context (i.e. when calling SignOut() how does it know which user to sign out?)
It seems to me that most people using forms authentication would want to
tie the session period in with the authenticated period and avoiding all the race conditions - has anyone found a sensible way to do this.
Andy
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Billy Jacobs |
last post by:
I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?
Originally I had my web.config file in the root with Forms
Authentication set up and it worked just fine. Then I
realized that I needed to have some pages unsecure.
I then created 2 directories. One named Secure and the
other named Public. I placed my web.config file in my
|
by: sushi |
last post by:
Hello,
I have an web site which uses forms authentication. The
application uses frames. When the authentication time out occurs and if we
click on any one of the frames, each individual pages shows login page.
Is there any way out to show login page in whole page and not in
each individual frames. Else if there any event which is called when the
authentication cookie expires.
Thanks,
|
by: Ian Walsh |
last post by:
I'm using forms authentication within a C# project.
I am using the standard code where a user attempts to access a page
when they are not logged into the system.
I am collecting a username / password and comparing this against a
SQLServer to authenticate the user. This all works fine if the user
already exist.
I also have a create account area that is not secured on my site. I
|
by: Kris van der Mast |
last post by:
Hi,
I've created a little site for my sports club. In the root folder there are
pages that are viewable by every anonymous user but at a certain subfolder
my administration pages should be protected by forms authentication.
When I create forms authentication at root level it works but when I move my
code up to the subfolder I get this error:
Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
|
by: Joey Powell |
last post by:
This message was originally posted to the aspnet.security newsgroup,
but no one there has ever heard of this before. That is why I am
posting this message here, so that more people will see it...
On my asp.net application, suddenly the forms authentication cookies
for clients have quit expiring. This results in users being able to
access the site from day to day without having to log in, even if
their
browers are closed and reopened...
| |
by: Bijoy Naick |
last post by:
I have a folder on my site secured with Forms Authentication. After the user
is authenticated, I set a session level variable.
The session time on the server is set to 20 mins. I am guessing the default
expiry time for the Forms Authentication cookie is 30 mins? Is this correct?
So after 20 mins, the session expires (assuming no user activity), but
because the forms auth cookie is still alive, users are not redirected to
the login...
|
by: robert |
last post by:
I have noticed in .net 2 that when authenticating a user, setting the
cookie using either redirectfromloginpage or setauthcookie, specifying
true for the persistent parameter that the cookie is persistent with an
expiry time of 30 minutes from now, unless you have specified a timeout
attribute in the forms element in the web.config. Quoting from msdn:
"timeout:
Optional attribute.
Specifies the time, in integer minutes, after which...
|
by: D Giles |
last post by:
Have found many solutions on this forum to get to this point so finally registered.
I have a form which should load 17 forms.
Private Sub Form_Load()
On Error GoTo Err_Form_Load
DoCmd.Minimize
DoCmd.OpenForm "Reminder Lease Expiry 6mth", acNormal
DoCmd.OpenForm "Reminder Lease Expiry 2mth", acNormal
DoCmd.OpenForm "Reminder Renewal 6mth", acNormal
DoCmd.OpenForm "Reminder Renewal 2mth", acNormal
|
by: Rory Becker |
last post by:
Having now created a Custom MembershipProvider that seems to work correctly
with my Logon and ChangePassword controls, I am, as they say, a happy bunny.
The next stange is to move on to the creation of content which adjusts based
on the user.
I have several pages which require a user to be logged on and several which
do not. Prior to this point in time I have used 2 different master pages.
one with a control which checks a session...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |