By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
449,310 Members | 1,944 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 449,310 IT Pros & Developers. It's quick & easy.

Catching forms authentication expiry

P: n/a
Hi,

I have an asp.net web app whereby I authenticate the user with Forms
Authentication and store details about him in the session. I want to be able
to catch an event when the users authentication period expires but I can't
see any way to do this.

Currently I have set the forms authentication expiry shorter than the
session expiry because I don't want a user logged in if his session details
are invalid. I was thinking of setting the two timeouts to the same thing,
then I could catch the session_end event. However, to avoid the race
condition of having session_end happen before the forms authentication
timeout, I would want to force the user to get logged off in the session_end
event, but calling FormsAuthentication.SignOut() in the session_end event
would presumably not work. It's not really clear to me how the static
methods in FormsAuthentication get their context (i.e. when calling
SignOut() how does it know which user to sign out?)

It seems to me that most people using forms authentication would want to tie
the session period in with the authenticated period and avoiding all the
race conditions - has anyone found a sensible way to do this.

Andy
Nov 18 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
as my experiences , if user's request is Authenticated, the user session
will never timeout, i dont why this happen too

"Andy Fish" <aj****@blueyonder.co.uk> 写入消息新闻
:ge*********************@news-text.cableinet.net...
Hi,

I have an asp.net web app whereby I authenticate the user with Forms
Authentication and store details about him in the session. I want to be able to catch an event when the users authentication period expires but I can't
see any way to do this.

Currently I have set the forms authentication expiry shorter than the
session expiry because I don't want a user logged in if his session details are invalid. I was thinking of setting the two timeouts to the same thing,
then I could catch the session_end event. However, to avoid the race
condition of having session_end happen before the forms authentication
timeout, I would want to force the user to get logged off in the session_end event, but calling FormsAuthentication.SignOut() in the session_end event
would presumably not work. It's not really clear to me how the static
methods in FormsAuthentication get their context (i.e. when calling
SignOut() how does it know which user to sign out?)

It seems to me that most people using forms authentication would want to tie the session period in with the authenticated period and avoiding all the
race conditions - has anyone found a sensible way to do this.

Andy

Nov 18 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.