
Forms Authentication Problem: Session expired, pages can still be visited.

I am using forms authentication for a web application.

Like many other member web applications, my web application prints out

Welcome! John Doe (Logout)

on the top right corner of each protected page.

But pages can still be visited by following the links in the web
application after a session has timed out, and data can still be retrieved
from the database. I know the session has timed out because at the
top right corner I only see

Welcome! (Logout)

However, when a user explicitly signs out by clicking on Logout,
protected pages are no longer accessible, and they'll be redirected to
Login.aspx.

The code-behind of my logout page is this:

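using System;
using System.Web.Security;

public partial class Logout : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Overwrite the stored name, then discard the whole session.
        Session["UserName"] = "Junk user name";
        Session.Abandon();
        // Expire the forms authentication cookie and return to the login page.
        FormsAuthentication.SignOut();
        Response.Redirect("Login.aspx");
    }
}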

I did the same thing in global.asax's Session_End method like so:

void Session_End(object sender, EventArgs e)
{
    // Same calls as the logout page, placed in the session-end handler.
    Session.Abandon();
    FormsAuthentication.SignOut();
    Response.Redirect("Login.aspx");
}

I am wondering how I can really protect the protected pages when a
session has timed out. I must have missed something in this
authentication scheme. Please kindly give me a hint. Thanks.

Nov 13 '07 #1
authentication and session are unrelated and perform different
functions. they commonly have the same timeout but don't have to match.
also while sessions (if inproc) can recycle before the timeout,
authentication doesn't.

in your case it seems sessions are recycling. check the log for why they
recycle.

-- bruce (sqlwork.com)
Nov 13 '07 #2
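
Added example (not code from the thread or from either poster): because the forms authentication ticket and the session expire independently, as the reply above says, one way to keep protected pages closed once the session data is gone is a per-request check in Global.asax. It assumes the login page stores the user under Session["UserName"], the key the logout page in the question uses; the class name Global is a placeholder.

```csharp
// Global.asax.cs (added illustration, not the original poster's code)
using System;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Assumption: the login page writes the user name under this session key.
    private const string UserKey = "UserName";

    // Raised on every request after session state has been loaded.
    // Session_End is not usable for this: it runs on the server with no
    // request or response, so it cannot expire the browser's auth cookie.
    protected void Application_PostAcquireRequestState(object sender, EventArgs e)
    {
        HttpContext ctx = Context;

        // Handlers that do not use session state have no Session object.
        if (ctx.Session == null) return;

        // Anonymous requests are already covered by the <authorization> rules.
        if (!ctx.Request.IsAuthenticated) return;

        // The ticket is still valid but the session data is gone: the session
        // timed out or the worker process recycled. Treat it as signed out.
        if (ctx.Session[UserKey] == null)
        {
            ctx.Session.Abandon();
            FormsAuthentication.SignOut();             // expire the ticket cookie
            FormsAuthentication.RedirectToLoginPage(); // does not end the request
            CompleteRequest();                         // skip the page handler
        }
    }
}
```

With this check in place, a request that carries a live ticket but no session data is sent to the login page instead of rendering with an empty user name.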
