Hi
I am doing a manual timeout, irrespective of whether the user is active
or not I will time them out after 3 hours. I also make sure the page is
not cached so that they can't go back to the page from which they were
timedout.
The problem now is that when they go back to their page(which says the
page has expired) and click on the refresh button in the browser they
are somehow authenticated and a new session is created.
I am trying to get them out of them system comepletely and force them
to login again. FYI, I am using integrated "Windows" authentication
mode.
My Global.asax
__________________________________________________ ________________
void Application_PreRequestHandlerExecute(object sender, EventArgs e)
{
HttpSessionState state = HttpContext.Current.Session;
DateTime entryTime =
Convert.ToDateTime(state.Contents["EntryTime"]);
TimeSpan minutes = DateTime.Now.Subtract(entryTime);
if (minutes.TotalMinutes > 180)
{
state.Abandon();
Response.Redirect("http://10.1.1.24:8080/SoapTestWebApp/Timeout.aspx");
}
}
void Application_AcquireRequestState(object sender, EventArgs e)
{
HttpSessionState state = HttpContext.Current.Session;
if (state.Contents["EntryTime"] == null)
{
state.Add("EntryTime", DateTime.Now);
}
}
5  5430 
Hi
Instead of using the session what I would to do is create a Cookie
called something like "FirstRequestData" with the value being the date
of the first request.
Then for every subsequent request, I would check to see if the date is
greater than 3 hours from the FirstRequestDate, then i would redirect
them to a timeout message page, otherwise ignore.
Now, if you want the clock to be reset every time they close the
browser, I wouldn't specify a value for the cookie expiration, that
will make it so that everytime the browser is closed completely, the
cookie will be deleted.
I hope that helps.
Jose
Jose
Thanks for the tip about using a cookie instead of session.
However, my problem is to make sure I force them to login again, when
they try to hit the back button.
Hi,
I wonder if this will help.
- You can use either Javascript to disable the back button by clearing
the history of the browser.
- You can use browser header tags, or even meta tags to control
client-side cache behavior and ensure no caching of your page is done.
Regards,
Vaibhav www.nagarro.com
Hi Vaibhav
That is true. But to make sure that I don't cache the page, I could do
that in the aspx tag. That is no the issue here.
The issue is, although after hitting the back button the page shows
that it is expired, if the user hits the "Refresh" button in the
browser, for some reason the use is authenticated.
I beleive there is some kind of caching done by the client about the
credentials and it uses it for requesting the page on refresh.
you are correct.
because you are using IIS authentication, every page request is
authenticated (no cookie is used - that's just used for session id). to keep
from asking credentials on every hit, the browser caches the credentials.
if you want them to see the login dialog box, you need to send a 401 error
even though the creditials are valid. you only want to do this once, or they
will not be able to access the site.
-- bruce (sqlwork.com)
<kp******@gmail.com> wrote in message
news:11**********************@v46g2000cwv.googlegr oups.com...
Hi Vaibhav
That is true. But to make sure that I don't cache the page, I could do
that in the aspx tag. That is no the issue here.
The issue is, although after hitting the back button the page shows
that it is expired, if the user hits the "Refresh" button in the
browser, for some reason the use is authenticated.
I beleive there is some kind of caching done by the client about the
credentials and it uses it for requesting the page on refresh.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Jack |
last post by:
Hi,
In my application, the main page is accessed via a login screen. A
particular record is accessed based on the value of login page. Everything
works fine. However, if this screen is kept idle...
|
by: Anders Jacobsen |
last post by:
Hey
Im devloping an application in asp.net 1.1 SP2. I need to control timeout
values for each user. Im having trouble to make it work. When the session
timouts out I want to redirect the user to...
|
by: John |
last post by:
Hello,
I have a program that is syncing data from an access database to a
sql database nightly. The problem is that all of the sudden, program has
been working for months now, that we are...
|
by: Chumma Dede |
last post by:
Hi,
Is there any way in asp.net 1.1 to force a user to logout from an
existing session on machine1, if that same userid logs in with a new
session on another machine, say machine2?
We are...
|
by: =?Utf-8?B?ZG91Zw==?= |
last post by:
I support several intranet sites one of which had NO STATE. Even though
content has ASP extensions, it was all rendered HTML. Site had NO session or
application variables being managed. Site had...
|
by: Andy_Khosravi |
last post by:
I have a method in place in my application to force users out. It's a
simple tactic I got from these newsgroups where you create a table
with one record called logout, then check that field with a...
|
by: dmc2409 |
last post by:
Well, I am more a desigber than developer. Need to solve the folloving
problem. I have a page on, lets call it Firstserver. It opens Page1,
Page2 and Page3 on Secondserver through a frame on the...
|
by: Mufasa |
last post by:
Folks,
I'm having problems with my session timeout. People using my website leave
it just sitting there while they do other things. They have logged in (
using Forms Authentication ) and will be...
|
by: Thiago Macedo |
last post by:
I could not find on the web a complete solution for this task.
This is not the perfect solution, because it's doesn't have the
ability to log the logout if browser crash or user leave it open while...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
| |
