By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,435 Members | 2,036 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,435 IT Pros & Developers. It's quick & easy.

Gracefully Handling Logged Out User

P: n/a
I'm using Forms Based Authentication.

I've written my code so that when a user does something but has timed out,
it gracefully logs them out and asks them to log back on.

I do this with . .

Session.Abandon()
Response.Redirect("logon.aspx")

That puts them back to logon, but then they end up back at the default page
instead of where they where when they timed out.

What's the better way to handle that?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708

Nov 18 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
You'd better use Viewstate to store the current request url . then
logon.aspx will check the url, if it exists, redirect to it.
I'm using Forms Based Authentication.

I've written my code so that when a user does something but has timed out,
it gracefully logs them out and asks them to log back on.

I do this with . .

Session.Abandon()
Response.Redirect("logon.aspx")

That puts them back to logon, but then they end up back at the default page instead of where they where when they timed out.

What's the better way to handle that?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708

Nov 18 '05 #2

P: n/a
So on my logoff code I did the following

Session.Abandon();
Session["URL"] = http://server/file.aspx;
Response.Redirect("logon.aspx");
Then on the logon.aspx code I did the follwoing after the authentication
takes place

if(Session["URL"] != null)
Response.Redirect((string)Session["URL"]);
else
Response.Redirect(FormsAuthentication.GetRedirectU rl(tbEmail.Text,
false)
it never goes through the true branch. It appears that I'm losing my
Session["URL"] from the original page. Is the Session.Abandon doing that
even though I'm saving a SessionState value after I run that?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"Edward" <zi***@citiz.net> wrote in message
news:%2******************@tk2msftngp13.phx.gbl...
You'd better use Viewstate to store the current request url . then
logon.aspx will check the url, if it exists, redirect to it.
I'm using Forms Based Authentication.

I've written my code so that when a user does something but has timed out, it gracefully logs them out and asks them to log back on.

I do this with . .

Session.Abandon()
Response.Redirect("logon.aspx")

That puts them back to logon, but then they end up back at the default

page
instead of where they where when they timed out.

What's the better way to handle that?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708


Nov 18 '05 #3

P: n/a
I recommend you put it in the query string instead of session.

"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:O6*************@TK2MSFTNGP12.phx.gbl...
So on my logoff code I did the following

Session.Abandon();
Session["URL"] = http://server/file.aspx;
Response.Redirect("logon.aspx");
Then on the logon.aspx code I did the follwoing after the authentication
takes place

if(Session["URL"] != null)
Response.Redirect((string)Session["URL"]);
else
Response.Redirect(FormsAuthentication.GetRedirectU rl(tbEmail.Text,
false)
it never goes through the true branch. It appears that I'm losing my
Session["URL"] from the original page. Is the Session.Abandon doing that
even though I'm saving a SessionState value after I run that?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"Edward" <zi***@citiz.net> wrote in message
news:%2******************@tk2msftngp13.phx.gbl...
You'd better use Viewstate to store the current request url . then
logon.aspx will check the url, if it exists, redirect to it.
I'm using Forms Based Authentication.

I've written my code so that when a user does something but has timed out, it gracefully logs them out and asks them to log back on.

I do this with . .

Session.Abandon()
Response.Redirect("logon.aspx")

That puts them back to logon, but then they end up back at the default

page
instead of where they where when they timed out.

What's the better way to handle that?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708



Nov 18 '05 #4

P: n/a
Great idea.

Now my only problem is certain state I would like to keep.

For example I have a webpage that allows you to update certain information
about yourself. If someone updates some info about themselves, times out,
then tries to update, right now I run Session.Abandon, then redirect them to
the logon page. After they logon though all the changes they made are lost.

Is there anyway to save those changes other than putting all of it in a
query string?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"Marina" <so*****@nospam.com> wrote in message
news:Or**************@TK2MSFTNGP09.phx.gbl...
I recommend you put it in the query string instead of session.

"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:O6*************@TK2MSFTNGP12.phx.gbl...
So on my logoff code I did the following

Session.Abandon();
Session["URL"] = http://server/file.aspx;
Response.Redirect("logon.aspx");
Then on the logon.aspx code I did the follwoing after the authentication
takes place

if(Session["URL"] != null)
Response.Redirect((string)Session["URL"]);
else
Response.Redirect(FormsAuthentication.GetRedirectU rl(tbEmail.Text,
false)
it never goes through the true branch. It appears that I'm losing my
Session["URL"] from the original page. Is the Session.Abandon doing that even though I'm saving a SessionState value after I run that?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"Edward" <zi***@citiz.net> wrote in message
news:%2******************@tk2msftngp13.phx.gbl...
You'd better use Viewstate to store the current request url . then
logon.aspx will check the url, if it exists, redirect to it.

> I'm using Forms Based Authentication.
>
> I've written my code so that when a user does something but has timed
out,
> it gracefully logs them out and asks them to log back on.
>
> I do this with . .
>
> Session.Abandon()
> Response.Redirect("logon.aspx")
>
> That puts them back to logon, but then they end up back at the

default page
> instead of where they where when they timed out.
>
> What's the better way to handle that?
>
> --
>
> Steve Evans
> Email Services
> SDSU Foundation
> (619) 594-0708
>
>
>



Nov 18 '05 #5

P: n/a
"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
I'm using Forms Based Authentication.

I've written my code so that when a user does something but has timed out,
it gracefully logs them out and asks them to log back on.

I do this with . .

Session.Abandon()
Response.Redirect("logon.aspx")


Session has nothing to do with Forms Authentication.

If the login has timed out, and if they user attempts to access a page which
requires that they be authenticated, then Forms Authentication will
automatically redirect them to the login page. When it does, the URL they
requested will be in the ReturnUrl query parameter. This way, when
RedirectFromLoginPage is called, they'll go right back to the page they had
requested, and Session state will still be intact.

The one issue you'll see is that, if the request which required
authentication was a postback, then the form variables will not be available
when the redirect to the requested page occurs, so they will lose their
changes. It will be as though they had hit the browser Refresh button. If
you don't abandon the Session, they will at least be able to get back to
where they were on the last successful postback.
--
John Saunders
johnwsaundersiii at hotmail
Nov 18 '05 #6

P: n/a
You're right. What I've really been doing to myself is losing my state when
I update the bin directory. I guess that is pretty significantly different
than timing out.

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"John Saunders" <jo**************@notcoldmail.com> wrote in message
news:uR**************@tk2msftngp13.phx.gbl...
"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
I'm using Forms Based Authentication.

I've written my code so that when a user does something but has timed out, it gracefully logs them out and asks them to log back on.

I do this with . .

Session.Abandon()
Response.Redirect("logon.aspx")
Session has nothing to do with Forms Authentication.

If the login has timed out, and if they user attempts to access a page

which requires that they be authenticated, then Forms Authentication will
automatically redirect them to the login page. When it does, the URL they
requested will be in the ReturnUrl query parameter. This way, when
RedirectFromLoginPage is called, they'll go right back to the page they had requested, and Session state will still be intact.

The one issue you'll see is that, if the request which required
authentication was a postback, then the form variables will not be available when the redirect to the requested page occurs, so they will lose their
changes. It will be as though they had hit the browser Refresh button. If
you don't abandon the Session, they will at least be able to get back to
where they were on the last successful postback.
--
John Saunders
johnwsaundersiii at hotmail

Nov 18 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.