The majority of pages on our site need authentication (forms auth against the
aspnetdb database). I created an '~/auth' folder with its own config file
forcing authentication for any pages in the folder.
The default.aspx sits in the root folder and just does a Response.Redirect
to an ~/auth/home.aspx page. The config forces authentication, which is
carried out by ~/pub/login.aspx which has a standard asp:login control.
I set up the default.aspx and login.aspx pages with
EnableSessionState=False. Only authenticated pages have
EnableSessionState=True. I did this so that unauthorised people/bots would
not generate sessions. Each auth page has a LoginStatus control that allows
the user to log out, which returns them to the login page.
Everything seemed to be working ok but I thought I could improve things by
issuing a Session.Abandon in the LoggedOut event handler. On logging out the
user is at the login page. If they then enter their user name and password
and try to login they get another instance of the login page. If they enter
their details and try to log in again they finally get to the ~/auth/home
page.
I removed the Session.Abandon and I got the expected behaviour, ie redirect
to the ~/auth/home the first time after entering the user name and password.
Still with EnableSessionState=False I then changed the session time out to 1
minute. If the user logs out and attempts to log back in straight away it
works. However, if the user were to wait for over a minute before attempting
to log back in the user gets two login screens.
With EnableSessionState=True on the login page, abandoning the session does
not cause a problem.
To summarise; if the login page has EnableSessionState=False and the session
has expired then the user has to login twice.
Is there a way around this without enabling the session state?
Cheers,
Andrew
3  4316 
Hi Andrew,
Thanks for your detailed explanation, but I'm still having trouble to
reproduce the issue on my side; especially following points:
* You mentioned two login screens, are they all referring to
~/pub/login.aspx or you have another login page?
Would you please send me a small project to demonstrate the issue? Thanks
for the trouble.
Regards,
Walter Wang (wa****@online.microsoft.com, remove 'online.')
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
I created a test project and couldn't recreate it. Eventually I found some
code which caught expired sessions. It signed the user out and then
redirected them to the login page. The code was being run when logging in
after a session abandon, hence the double login.
Apologies for taking up your time on this Walter,
Andrew
Hi Andrew,
Thanks for your update.
Have a good day.
Regards,
Walter Wang (wa****@online.microsoft.com, remove 'online.')
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Wayne Smith |
last post by:
Applies to: Microsoft FrontPage 2000, Microsoft Access 2000, IIS 5.0
Operating System: Microsoft Windows 2000 Professional
I am trying to protect a portion of a web site by allowing users to...
|
by: David Brown |
last post by:
In ASP.NET 2.0, I am using the asp:login control, but I want to reduce the
validation on the password.
I dont want the user to have to put in a special character or a number etc.
Is it...
|
by: jeff |
last post by:
I am using the asp:login control and want to change the login failure
message if the user has become locked out. I want to tell them to call
technical support to reset their password. Does anyone...
|
by: R.A.M. |
last post by:
I have a problem with logging in implementation in ASP.NET 2.0.
I decided to use asp:Login control (which is enough), but I cannot
find solution for handling logging in.
I have an .aspx:
<%@...
|
by: Sasquatch |
last post by:
I'm having trouble creating a simple login page using the asp:login
control. I followed some instructions in a WROX book, "Beginning
ASP.NET 2.0," and the instructions are very straight forward,...
|
by: Sasquatch |
last post by:
I'm still having trouble creating a simple login page using the
asp:login
control. I followed some instructions in a WROX book, "Beginning
ASP.NET 2.0," and the instructions are very straight...
|
by: HeatherBMI |
last post by:
I've been searching for a way to test this control with my NUnitASP tests for awhile now and have yet to come up with anything. I have all of my tests written, but until I can get past the initial...
|
by: =?Utf-8?B?TWFyY0c=?= |
last post by:
I have a Server.Transfer in my asp:Login LoggedIn event handler. I am forcing
transfer to a specific page since I do not want to use the ReturnURL that is
in Request.Params (i.e., the user...
|
by: zaifi |
last post by:
I how to use asp login control with oracle databse..please explain me and source code.
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
| |
