formsauthentication timeout & session timeout

I'm using FormsAuthentication. If the session restarts, obviously the
session variables are cleared, but the security ticket is still active.
Since I use variables in the Session to determine what data is displayed on
the page (for example I store the username variable in Session and display
the users specific data), I need to have either the security ticket signed
out if/when the session restarts, so I can have the user sign in again, so
that I can get the user specific data and place it in the Session object.
Have I designed my application incorrectly?
If this is an acceptable design, what is the solution?

=?Utf-8?B?Q3JhaWc=?=

A couple things you can do...

1. If you are using the In-Process state server then you could probably put
your code in the Session_End event and log the user out. When using
out-of-process you don't have the Session_End event (it won't fire).

2. Or, you probably have the username or customer key in the
(HttpContext.Current.User.Identity.Name) value when you signed them in.

FormsAuthenticationTicket(1, username,
DateTime.Now,
DateTime.Now.AddMinutes(60),
false, string.Empty);

You can use this to re-locate the user data from your database and rebuild
the session.

HTH
--
Ian


"Craig" wrote:

> I'm using FormsAuthentication. If the session restarts, obviously the
> session variables are cleared, but the security ticket is still active.
> Since I use variables in the Session to determine what data is displayed on
> the page (for example I store the username variable in Session and display
> the users specific data), I need to have either the security ticket signed
> out if/when the session restarts, so I can have the user sign in again, so
> that I can get the user specific data and place it in the Session object.
> Have I designed my application incorrectly?
> If this is an acceptable design, what is the solution?

=?Utf-8?B?RU5JWklO?= .enizin.net>