P
Paul W
Hi - I have an app that does not use sessions:
<sessionState mode="Off" stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="true" timeout="600" />
It does use Forms authentication:
<authentication mode="Forms" >
<forms loginUrl="Login.aspx"
name = "Tenni" path="/"
protection="Validation" timeout="600" slidingExpiration="true">
</forms>
</authentication>
If a user leaves a session idle for a while (15 mins+) then when they go
back to it, it will redirect them to Login.aspx. The url for the displayed
page is then "blah.com\login.asp?RedirectUrl=nextpage.aspx" where
'nextpage.aspx' is the page they WANTED to move to.
I am no expert, but this appears to me that my security cookie is timing
out. I thought my settings in web.config (above) would prevent this.
In my call to System.Web.Security.FormsAuthentication.SetAuthCookie I have
tried specifying both a session and non-session cookie - but I get the same
problem.
Can someone shed any light, or suggest how I might get more info on what's
going on?
The problem only seems to occur on my production server (hosted at
www.discountasp.net). If I run it hosted on my own development machine, it
never does this(!).
Thanks,
Paul.
<sessionState mode="Off" stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="true" timeout="600" />
It does use Forms authentication:
<authentication mode="Forms" >
<forms loginUrl="Login.aspx"
name = "Tenni" path="/"
protection="Validation" timeout="600" slidingExpiration="true">
</forms>
</authentication>
If a user leaves a session idle for a while (15 mins+) then when they go
back to it, it will redirect them to Login.aspx. The url for the displayed
page is then "blah.com\login.asp?RedirectUrl=nextpage.aspx" where
'nextpage.aspx' is the page they WANTED to move to.
I am no expert, but this appears to me that my security cookie is timing
out. I thought my settings in web.config (above) would prevent this.
In my call to System.Web.Security.FormsAuthentication.SetAuthCookie I have
tried specifying both a session and non-session cookie - but I get the same
problem.
Can someone shed any light, or suggest how I might get more info on what's
going on?
The problem only seems to occur on my production server (hosted at
www.discountasp.net). If I run it hosted on my own development machine, it
never does this(!).
Thanks,
Paul.