Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Session not ending?

Reply
Thread Tools

Session not ending?

 
 
Fabio Cavassini
Guest
Posts: n/a
 
      01-18-2006

I've got the following configuration in Web.config

<authentication mode="Forms">
<forms name=".ASPXCOOKIE" loginUrl="sigin.aspx" protection="All"
timeout="30" path="/">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>

When I first try to get a page from the application (let's say ot.aspx)
it redirects to the sigin.aspx page.

Once logged I execute Session.Abandon

Now, I can get the "ot.aspx" page again without having to sig in

It would only ask me again to sigin until I close the browser, wht?

Best Regards
Fabio Cavassini
http://www.pldsa.com

 
Reply With Quote
 
 
 
 
=?Utf-8?B?Q293Ym95IChHcmVnb3J5IEEuIEJlYW1lcikgLSBNVlA=?=
Guest
Posts: n/a
 
      01-18-2006
On your logout routine, redirect the person to a page. The session.abandon is
not complete on the client side until you ask for another page, as it has to
send a new session cookie (server cookie) to your browser. Until that point
in time, you are still "authenticated".

As a safety measure, you can add a handler that ensures only active
credentials can access anything and, possibly, expire pages so the user, at
best, gets those ugly "page no longer valid" pages.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************


"Fabio Cavassini" wrote:

>
> I've got the following configuration in Web.config
>
> <authentication mode="Forms">
> <forms name=".ASPXCOOKIE" loginUrl="sigin.aspx" protection="All"
> timeout="30" path="/">
> </forms>
> </authentication>
> <authorization>
> <deny users="?" />
> </authorization>
>
> When I first try to get a page from the application (let's say ot.aspx)
> it redirects to the sigin.aspx page.
>
> Once logged I execute Session.Abandon
>
> Now, I can get the "ot.aspx" page again without having to sig in
>
> It would only ask me again to sigin until I close the browser, wht?
>
> Best Regards
> Fabio Cavassini
> http://www.pldsa.com
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Session Timeout problems-web.confg session state and IIS session s =?Utf-8?B?Um9iSEs=?= ASP .Net 4 04-11-2007 04:52 PM
Unable to serialize the session state. Please note that non-serializable objects or MarshalByRef objects are not permitted when session state mode is 'StateServer' or 'SQLServer'. Mike Larkin ASP .Net 1 05-23-2005 12:33 PM
Re: lost session values, not Session Alvin Bruney [MVP] ASP .Net 0 03-02-2004 06:35 AM
Session State - What does it take to establish one single ASP.NET session per "browser session" Jeff Smythe ASP .Net 3 01-02-2004 04:10 AM
How can I "know" the difference between a session timed out and a session that did session.abort? Jazzis ASP General 2 09-23-2003 07:16 AM



Advertisments