You have a logic error. In each page load, you need to check session to find
out if the user is still authenticated.
Consider:
    if (Session["LOGIN"] == null)
        Response.Redirect("Login.aspx"); // redirect to login page (placeholder URL)
In your case, when the timeout occurs and you redirect, you are using a new
session. But since you don't check if it is a new session, it appears that
the user is using the old session. Makes sense?
--
Regards,
Alvin Bruney [MVP ASP.NET]
[Shameless Author plug]
The Microsoft Office Web Components Black Book with .NET
Now Available @
http://tinyurl.com/27cok
----------------------------------------------------------
"hn" <hn@discussions.microsoft.com> wrote in message
news:B7**********************************@microsoft.com...
On my asp.net pages I use session for authentication. If session ends, the
user should be logged out and redirected to some other page. Currently the
user is only logged out after 20 minutes or so. When I set timeout=1, the
user is still able to navigate the authenticated pages after 1 minute of
being inactive.
"Alvin Bruney [MVP]" wrote:
How do you know the session didn't time out? What tests are you running to
show that it didn't time out? If you put a breakpoint in the session
timeout event, does it hold?
--
Regards,
Alvin Bruney
[Shameless Author plug]
The Microsoft Office Web Components Black Book with .NET
Now Available @ www.lulu.com/owc
----------------------------------------------------------
"hn" <hn@discussions.microsoft.com> wrote in message
news:CE**********************************@microsoft.com...
> I tried to set session timeout=1 minute as seen below in my Web.config but
> it didn't work. I also tried to set the timeout in IIS as well and still the
> application doesn't time out after 1 minute. Please show me how to set the
> timeout setting. Thanks.
>
> <sessionState
>     mode="StateServer"
>     stateConnectionString="tcpip=127.0.0.1:42424"
>     sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
>     cookieless="false"
>     timeout="1"
> />
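
The per-request session check described in the top reply, written out as an added example (not code from any poster in this thread). It assumes ASP.NET Web Forms with cookie-based sessions, as in the posted Web.config; the names AuthenticatedPage, LoginUrl, ~/Login.aspx and the "expired" query parameter are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Added example: base class for every page that requires a logged-in user.
// Pages inherit from this instead of System.Web.UI.Page, so the check
// cannot be forgotten on an individual page.
public class AuthenticatedPage : Page
{
    // Assumption: login page location; the thread does not give one.
    private const string LoginUrl = "~/Login.aspx";

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);

        // After the timeout the old session state is gone, and this request
        // runs in a fresh, empty session. The key set at login is therefore
        // missing, which is the only reliable sign the user is logged out.
        if (Session["LOGIN"] == null)
        {
            // A brand-new session on a request that still carries the default
            // session cookie means an earlier session expired, as opposed to
            // a first visit. Used only to show a "session expired" notice.
            bool expired = Session.IsNewSession
                && Request.Cookies["ASP.NET_SessionId"] != null;

            // Drop whatever is left so nothing from this session is reused.
            Session.Abandon();

            string url = LoginUrl + (expired ? "?expired=1" : string.Empty);

            // Redirect(url) ends the response, so no code or markup of the
            // protected page runs or is sent to the unauthenticated client.
            Response.Redirect(url);
        }
    }
}
```

A protected page opts in by declaring `public partial class Orders : AuthenticatedPage` (Orders being a hypothetical page), and the login page sets `Session["LOGIN"]` only after credentials are verified.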