Velocity Reviews - Computer Hardware Reviews

Re-login if authenticated after session has expired

 
 
peter@cooperzone.net
      09-22-2006
Hi,
I have the requirement to allow users to log in just once per day even
if their session has expired. Sessions are set to 30 minutes, and I'm
using forms authentication.

I had this working nicely under .NET 1.1. Once authenticated, I wrote a
persistent authentication cookie that timed out at 8:00 pm. In the
Session_Start handler in global.asax I check if the user is
authenticated and if so, I then run a quick check on the User's name
(stored in HttpContext.Current.User.Identity.Name) and if everything's
OK then I issue a new authentication cookie using GetAuthCookie and
re-create my session variables. This keeps everyone logged in until
8:00 pm; after that they have to log in again.

However, this isn't working under .NET 2.0. Once the session has
expired users get sent to the login page. I think this is because the
way Session_Start fires has changed under 2.0, and it doesn't get
created until a value is actually written into the Session object.

Does anyone know of a workaround for this, or a better way of handling
this situation; i.e. how to manage longer authentications than sessions
under .NET 2.0, and be able to detect when this happens before the user
gets redirected to the login page (so I can recreate my session
variables)?

Hope this makes sense!

Thanks

Peter Cooper

 
Joe Kaplan
      09-22-2006
I think there is some confusion here. The expiration of a forms-based
authentication ticket and the user's session state are not related. They
are governed by two separate systems and two separate cookies. The user's
session state can expire completely independently of their forms-based login
status, and vice versa.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
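A sketch of the separation described in the reply above, added here as an example and not code from either poster: the forms ticket gets a fixed 8:00 pm expiry at login, and session variables are rebuilt on any authenticated request whose session is empty, without depending on Session_Start. `Marker`, `DisplayName`, `IssueTicketUntil8pm` and `IsAccountActive` are hypothetical names, and the web.config settings named in the comment are assumptions.

```csharp
// Global.asax.cs sketch for ASP.NET 2.0 forms authentication (added example).
// Assumes web.config has <forms slidingExpiration="false" /> and <sessionState timeout="30" />.
using System;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    const string Marker = "ProfileLoaded"; // hypothetical session key

    // Call from the login page once the credentials have been verified.
    public static void IssueTicketUntil8pm(HttpResponse response, string userName)
    {
        DateTime now = DateTime.Now;
        DateTime expires = now.Date.AddHours(20);         // 8:00 pm today
        if (expires <= now) expires = expires.AddDays(1); // assumption: a login after 8 pm lasts until 8 pm next day
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, now, expires, true, String.Empty,
            FormsAuthentication.FormsCookiePath);
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.Expires = expires;                         // persistent cookie, same lifetime as the ticket
        cookie.HttpOnly = true;                           // keep the ticket away from client script
        cookie.Secure = FormsAuthentication.RequireSSL;   // follows the requireSSL setting
        cookie.Path = FormsAuthentication.FormsCookiePath;
        response.Cookies.Add(cookie);
    }

    // Raised on each request once session state has been attached to the context.
    protected void Application_PostAcquireRequestState(object sender, EventArgs e)
    {
        if (Context.Session == null) return;         // handler that does not use session state
        if (!Context.Request.IsAuthenticated) return; // no valid ticket: normal login redirect applies
        if (Context.Session[Marker] != null) return;  // session is still populated
        string name = Context.User.Identity.Name;
        if (!IsAccountActive(name))                   // re-check the account before trusting an old ticket
        {
            FormsAuthentication.SignOut();
            FormsAuthentication.RedirectToLoginPage();
            CompleteRequest();                        // skip the page handler for this request
            return;
        }
        Context.Session["DisplayName"] = name;        // rebuild the application's session variables here
        Context.Session[Marker] = true;
    }

    // Hypothetical hook: replace with the application's own account lookup.
    static bool IsAccountActive(string userName) { return userName.Length > 0; }
}
```

Because the ticket outlives the 30-minute session, the account re-check in the handler is the point at which a disabled or removed user can be cut off before 8:00 pm.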



 