Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > formsauthentication timeout & session timeout

Reply
Thread Tools

formsauthentication timeout & session timeout

 
 
=?Utf-8?B?Q3JhaWc=?=
Guest
Posts: n/a
 
      08-10-2005
I'm using FormsAuthentication. If the session restarts, obviously the
session variables are cleared, but the security ticket is still active.
Since I use variables in the Session to determine what data is displayed on
the page (for example I store the username variable in Session and display
the users specific data), I need to have either the security ticket signed
out if/when the session restarts, so I can have the user sign in again, so
that I can get the user specific data and place it in the Session object.
Have I designed my application incorrectly?
If this is an acceptable design, what is the solution?
 
Reply With Quote
 
 
 
 
=?Utf-8?B?RU5JWklO?= .enizin.net>
Guest
Posts: n/a
 
      08-10-2005
A couple things you can do...

1. If you are using the In-Process state server then you could probably put
your code in the Session_End event and log the user out. When using
out-of-process you don't have the Session_End event (it won't fire).

2. Or, you probably have the username or customer key in the
(HttpContext.Current.User.Identity.Name) value when you signed them in.

FormsAuthenticationTicket(1, username,
DateTime.Now,
DateTime.Now.AddMinutes(60),
false, string.Empty);

You can use this to re-locate the user data from your database and rebuild
the session.

HTH
--
Ian


"Craig" wrote:

> I'm using FormsAuthentication. If the session restarts, obviously the
> session variables are cleared, but the security ticket is still active.
> Since I use variables in the Session to determine what data is displayed on
> the page (for example I store the username variable in Session and display
> the users specific data), I need to have either the security ticket signed
> out if/when the session restarts, so I can have the user sign in again, so
> that I can get the user specific data and place it in the Session object.
> Have I designed my application incorrectly?
> If this is an acceptable design, what is the solution?

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Session Timeout problems-web.confg session state and IIS session s =?Utf-8?B?Um9iSEs=?= ASP .Net 4 04-11-2007 04:52 PM
FormsAuthentication cookies timeout tshad ASP .Net 8 01-14-2005 05:59 AM
FormsAuthentication doesn't redirect properly after timeout Danny ASP .Net 1 06-17-2004 03:19 PM
Session contents lost despite Session.Timeout = 3000; and <sessionState mode="InProc" cookieless="false" timeout="300"> Carpe Diem ASP .Net 3 02-23-2004 07:10 PM
Meaning Of Timeout in FormsAuthentication??? .NET Follower ASP .Net 0 02-06-2004 01:24 PM



Advertisments