Gracefully Handling Logged Out User

[- Steve -]

I'm using Forms Based Authentication.

I've written my code so that when a user does something but has timed out,
it gracefully logs them out and asks them to log back on.

I do this with . .

Session.Abandon()
Response.Redirect("logon.aspx")

That puts them back to logon, but then they end up back at the default page
instead of where they where when they timed out.

What's the better way to handle that?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708

 

[Edward]

You'd better use Viewstate to store the current request url . then
logon.aspx will check the url, if it exists, redirect to it.

 

[- Steve -]

So on my logoff code I did the following

Session.Abandon();
Session["URL"] = http://server/file.aspx;
Response.Redirect("logon.aspx");


Then on the logon.aspx code I did the follwoing after the authentication
takes place

if(Session["URL"] != null)
Response.Redirect((string)Session["URL"]);
else
Response.Redirect(FormsAuthentication.GetRedirectUrl(tbEmail.Text,
false)


it never goes through the true branch. It appears that I'm losing my
Session["URL"] from the original page. Is the Session.Abandon doing that
even though I'm saving a SessionState value after I run that?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708

 

[Marina]

I recommend you put it in the query string instead of session.

So on my logoff code I did the following

Session.Abandon();
Session["URL"] = http://server/file.aspx;
Response.Redirect("logon.aspx");


Then on the logon.aspx code I did the follwoing after the authentication
takes place

if(Session["URL"] != null)
Response.Redirect((string)Session["URL"]);
else
Response.Redirect(FormsAuthentication.GetRedirectUrl(tbEmail.Text,
false)


it never goes through the true branch. It appears that I'm losing my
Session["URL"] from the original page. Is the Session.Abandon doing that
even though I'm saving a SessionState value after I run that?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708

You'd better use Viewstate to store the current request url . then
logon.aspx will check the url, if it exists, redirect to it.

 

[- Steve -]

Great idea.

Now my only problem is certain state I would like to keep.

For example I have a webpage that allows you to update certain information
about yourself. If someone updates some info about themselves, times out,
then tries to update, right now I run Session.Abandon, then redirect them to
the logon page. After they logon though all the changes they made are lost.

Is there anyway to save those changes other than putting all of it in a
query string?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708

I recommend you put it in the query string instead of session.

So on my logoff code I did the following

Session.Abandon();
Session["URL"] = http://server/file.aspx;
Response.Redirect("logon.aspx");


Then on the logon.aspx code I did the follwoing after the authentication
takes place

if(Session["URL"] != null)
Response.Redirect((string)Session["URL"]);
else
Response.Redirect(FormsAuthentication.GetRedirectUrl(tbEmail.Text,
false)


it never goes through the true branch. It appears that I'm losing my
Session["URL"] from the original page. Is the Session.Abandon doing that
even though I'm saving a SessionState value after I run that?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708

You'd better use Viewstate to store the current request url . then
logon.aspx will check the url, if it exists, redirect to it.

I'm using Forms Based Authentication.

I've written my code so that when a user does something but has

timed
out,

it gracefully logs them out and asks them to log back on.

I do this with . .

Session.Abandon()
Response.Redirect("logon.aspx")

That puts them back to logon, but then they end up back at the default
page
instead of where they where when they timed out.

What's the better way to handle that?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708

 

[John Saunders]

I'm using Forms Based Authentication.

I've written my code so that when a user does something but has timed out,
it gracefully logs them out and asks them to log back on.

I do this with . .

Session.Abandon()
Response.Redirect("logon.aspx")

Session has nothing to do with Forms Authentication.

If the login has timed out, and if they user attempts to access a page which
requires that they be authenticated, then Forms Authentication will
automatically redirect them to the login page. When it does, the URL they
requested will be in the ReturnUrl query parameter. This way, when
RedirectFromLoginPage is called, they'll go right back to the page they had
requested, and Session state will still be intact.

The one issue you'll see is that, if the request which required
authentication was a postback, then the form variables will not be available
when the redirect to the requested page occurs, so they will lose their
changes. It will be as though they had hit the browser Refresh button. If
you don't abandon the Session, they will at least be able to get back to
where they were on the last successful postback.

 

[- Steve -]

You're right. What I've really been doing to myself is losing my state when
I update the bin directory. I guess that is pretty significantly different
than timing out.

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708