
Forms authentications questions

I have 2 questions:

1. I am trying to use forms authentication. When the user logs out, I
make these function
calls:
Session.Abandon();
FormsAuthentication.SignOut();
But after they log out, the user can (e.g. through the web history) go
and look at any pages that were already viewed when the session was
going on because of the cache. I don't want them to be able to do
that. So if I put the following function call in the Page_Load
function of every page, it fixes the problem:
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Is it possible to do this globally so that it applies to every page in
the application rather than having to do it in every page?

2. I want the session to time out and for forms authentication to
automatically log the user out if they haven't done anything for a
while. So I set the Session.Timeout to something appropriate and it
times out great. I put the FormsAuthentication.SignOut() function call
inside the Session_End() function (which gets called properly when the
session times out), but it doesn't seem to log the user out of forms
authentication. The user can still view all the pages. How can I do
this?

Thanks in advance
Nov 18 '05 #1
Hello

The answer to the first question is to put the Response.Cache.SetCacheability
call in Application_BeginRequest.
As for the second question, the FormsAuthentication timeout can be achieved
using the timeout attribute of the forms element in web.config:
<authentication mode="Forms">
  <forms loginUrl="login.aspx" timeout="30" slidingExpiration="true" />
</authentication>

The default value is 30. slidingExpiration makes the 30 minutes
renewable when the user keeps browsing the site; otherwise his session will
expire as soon as the 30 minutes are over, regardless of his activity.

Best regards,
Sherif

Nov 18 '05 #2
Thanks for the response. Your suggestions work! Is there any way I can
set the forms authentication timeout programmatically rather than in
web.config?

Nov 18 '05 #3
Hello

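In this case, you have to manually issue the forms authentication ticket
instead of RedirectFromLoginPage.

// username, formsTimeout (in minutes) and role are supplied by the login page.
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
    username, DateTime.Now, DateTime.Now.AddMinutes(formsTimeout), false, role);
string encTicket = FormsAuthentication.Encrypt(ticket);

// Send the encrypted ticket in the forms authentication cookie. Set() replaces
// any cookie of the same name already queued on the response.
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
cookie.HttpOnly = true;
cookie.Secure = FormsAuthentication.RequireSSL;
cookie.Path = FormsAuthentication.FormsCookiePath;
HttpContext.Current.Response.Cookies.Set(cookie);

// Follow ReturnUrl only when it is a local path, so the login page cannot be
// used to redirect the browser to another site.
string url = HttpContext.Current.Request.QueryString["ReturnUrl"];
if(url == null || !url.StartsWith("/") || url.StartsWith("//") || url.StartsWith("/\\"))
{
    url = "Default.aspx";
}
HttpContext.Current.Response.Redirect(url, true);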

Best regards,
Sherif

Nov 18 '05 #4
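
Added example, not part of the original thread: a small C# model of how the timeout and slidingExpiration settings discussed above interact, based on the documented ASP.NET behaviour that a sliding ticket is reissued only when a request arrives after more than half of the timeout has elapsed. TicketModel, FirstRejected and the request times are constructed for illustration and are not framework APIs.

```csharp
using System;

// Added example: a model of forms-ticket expiry, not framework code.
static class TicketModel
{
    // Replays request times (minutes after login) against a ticket whose
    // lifetime is timeoutMinutes. Returns the minute of the first request
    // rejected because the ticket had expired, or -1 if none is rejected.
    public static int FirstRejected(int timeoutMinutes, bool sliding, int[] requests)
    {
        int issued = 0;                 // models the ticket's IssueDate
        int expires = timeoutMinutes;   // models the ticket's Expiration
        foreach (int now in requests)
        {
            if (now >= expires)
                return now;             // expired: user is sent to loginUrl

            int elapsed = now - issued;
            int remaining = expires - now;

            // Sliding renewal happens only once more than half of the
            // lifetime is used up; earlier requests do not extend it.
            if (sliding && elapsed > remaining)
            {
                issued = now;
                expires = now + timeoutMinutes;
            }
        }
        return -1;
    }

    static void Main()
    {
        // Constructed request times; timeout="30" as in the web.config above.
        int[] steady = { 10, 25, 50, 75 };   // renewed at 25, 50 and 75
        int[] earlyThenIdle = { 14, 31 };    // 14 is too early to renew

        Console.WriteLine(FirstRejected(30, true, steady));
        Console.WriteLine(FirstRejected(30, true, earlyThenIdle));
        Console.WriteLine(FirstRejected(30, false, steady));
    }
}
```

In the second case the user was idle for only 17 minutes, yet the request at minute 31 is rejected because the request at minute 14 came before the halfway point and did not renew the ticket. When choosing formsTimeout, treat the guaranteed idle window as half the configured value.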
