Catching forms authentication expiry

A

Andy Fish

Hi,

I have an asp.net web app whereby I authenticate the user with Forms
Authentication and store details about him in the session. I want to be able
to catch an event when the users authentication period expires but I can't
see any way to do this.

Currently I have set the forms authentication expiry shorter than the
session expiry because I don't want a user logged in if his session details
are invalid. I was thinking of setting the two timeouts to the same thing,
then I could catch the session_end event. However, to avoid the race
condition of having session_end happen before the forms authentication
timeout, I would want to force the user to get logged off in the session_end
event, but calling FormsAuthentication.SignOut() in the session_end event
would presumably not work. It's not really clear to me how the static
methods in FormsAuthentication get their context (i.e. when calling
SignOut() how does it know which user to sign out?)

It seems to me that most people using forms authentication would want to tie
the session period in with the authenticated period and avoiding all the
race conditions - has anyone found a sensible way to do this.

Andy
 
C

coollzh

as my experiences , if user's request is Authenticated, the user session
will never timeout, i dont why this happen too
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,995
Messages
2,570,230
Members
46,819
Latest member
masterdaster

Latest Threads

Top