"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
I'm using Forms Based Authentication.
I've written my code so that when a user does something but has timed out,
it gracefully logs them out and asks them to log back on.
I do this with . .
Session.Abandon()
Response.Redirect("logon.aspx")
Session has nothing to do with Forms Authentication.
If the login has timed out, and if they user attempts to access a page which
requires that they be authenticated, then Forms Authentication will
automatically redirect them to the login page. When it does, the URL they
requested will be in the ReturnUrl query parameter. This way, when
RedirectFromLoginPage is called, they'll go right back to the page they had
requested, and Session state will still be intact.
The one issue you'll see is that, if the request which required
authentication was a postback, then the form variables will not be available
when the redirect to the requested page occurs, so they will lose their
changes. It will be as though they had hit the browser Refresh button. If
you don't abandon the Session, they will at least be able to get back to
where they were on the last successful postback.
--
John Saunders
johnwsaundersiii at hotmail