P
peter
Hi,
I have the requirement to allow users to log in just once per day even
if their session has expired. Sessions are set to 30 minutes, and I'm
using forms authentication.
I had this working nicely under .NET 1.1. Once authenticated, I wrote a
persistent authentication cookie that timed out at 8:00 pm. In the
Session_Start handler in global.asax I check if the user is
authenticated and if so, I then run a quick check on the User's name
(stored in HttpContext.Current.User.Identity.Name) and if everything's
OK then I issue a new authentication cookie using GetAuthCookie and
re-create my session variables. This keeps everyone logged in until
8:00 pm; after that they have to login again.
However, this isn't working under .NET 2.0. Once the session has
expired users get sent to the login page. I think this is because the
way Session_Start fires has changed under 2.0, and it doesn't get
created until a value is actually written into the Session object.
Does anyone know of a workaround for this, or a better way of handling
this situation; ie how to manage longer authentications than sessions
under .NET 2.0, and be able to detect when this happens before the user
gets redirected to the login page (so I can recreate my session
variables)?
Hope this makes sense!
Thanks
Peter Cooper
I have the requirement to allow users to log in just once per day even
if their session has expired. Sessions are set to 30 minutes, and I'm
using forms authentication.
I had this working nicely under .NET 1.1. Once authenticated, I wrote a
persistent authentication cookie that timed out at 8:00 pm. In the
Session_Start handler in global.asax I check if the user is
authenticated and if so, I then run a quick check on the User's name
(stored in HttpContext.Current.User.Identity.Name) and if everything's
OK then I issue a new authentication cookie using GetAuthCookie and
re-create my session variables. This keeps everyone logged in until
8:00 pm; after that they have to login again.
However, this isn't working under .NET 2.0. Once the session has
expired users get sent to the login page. I think this is because the
way Session_Start fires has changed under 2.0, and it doesn't get
created until a value is actually written into the Session object.
Does anyone know of a workaround for this, or a better way of handling
this situation; ie how to manage longer authentications than sessions
under .NET 2.0, and be able to detect when this happens before the user
gets redirected to the login page (so I can recreate my session
variables)?
Hope this makes sense!
Thanks
Peter Cooper