I
Iain
I've got a asp.net (2.0) application which uses forms authentication.
My problem is that every so often the Session expires though the forms
Session does not. WHich causes a crash.
What I *want* to happen is that the login is valid for (say) 20 mins without
any user activity (how does the forms stuff know this?). At that if the user
performs any action on the site, they should be redirected to the login page
and the session will be lost.
The session will also be lost (for memory reasons) 25 mins after the last
login.
I've read that you can use Session_Start to reconstitute the session, but
unfortunately some of the session values depend on choices made immediately
after logon and I don't particularly want to persist these.
What is the 'best practice' for managing timeouts in this context?
Iain
My problem is that every so often the Session expires though the forms
Session does not. WHich causes a crash.
What I *want* to happen is that the login is valid for (say) 20 mins without
any user activity (how does the forms stuff know this?). At that if the user
performs any action on the site, they should be redirected to the login page
and the session will be lost.
The session will also be lost (for memory reasons) 25 mins after the last
login.
I've read that you can use Session_Start to reconstitute the session, but
unfortunately some of the session values depend on choices made immediately
after logon and I don't particularly want to persist these.
What is the 'best practice' for managing timeouts in this context?
Iain