session state time out

[ton]

Hi,

when the sessionstate timeouts, I want to redirect to a logon page. The
problem is that because there are a lot of controls where the user can push
on I have to check the expreid sessionstate for each procedure. In the page
load event I allready used the

Response.Redirect("logon.aspx", False)

but (code behind of) the menu which was clicked by the user will executed.
Is there a way to avoid checking this for every possible function the user
is calling?

Ton

 

[Joy]

Hi,

Normally if you are using Forms Authentication, users will be re-directed to
Login page once Session expires.

Another way is to use META Tag. But i will recommend using Forms
Authentication.

Please also take a look at the following discussion:

http://p2p.wrox.com/asp-net-1-1/28177-session-timeout-redirect-global-asax.html

Let me know if it helped.

regards,
Joy

 

[ton]

Hi,

I'm now using

If Session("informatie") & "" = "" Then 'this checks whter the
sessionvar is filled
Response.Redirect("login.aspx") ' so
not Response.Redirect("logon.aspx", False)
End If

I've put this instruction in my Page_Init function (and also in my
page_load, but what ever I choose, the code stops excuting and the
login.aspx is loaded. So it is solved..

I'did read the discussion you showed me, but could figure out why it did not
work for this guy (MH). Does it has anything to do with the ASP.NET version
(I'm running under 2.0, in the discussion 1.1 is mentioned.)

I'm interested in your answer

Thanx

Ton

 

[Joy]

Hi,

The only thing that has changed in Forms Authentication for ASP.NET 2.0, is
the fact that in 2.0 Forms Authentication can be cookieless (in this case it
uses query string) also (which was not the case in 1.1).

If you have read about Forms Authentication, you would know that once the
user supplies the credentials, Code in the logon page should create a cookie
that contains a forms authentication ticket that is set for the session.

In the discussion url posted earlier i think the guy (MH) has not written
any code to create the cookie.

Please refer the following MSDN Url:

http://msdn.microsoft.com/en-us/library/aa480476.aspx


Let me know if it helps.

regards,
Joy

 

[ton]

the thing is I'm using windows authentication and once noticed the session
variable no longer exists the the Response.Redirect("login.aspx") works as
expected. The minor part is that I have to add this in in the Page_PreInit
function for each webform (in my case 4). But that is the easy part of an
appl.

Does this makes sense or can I trap in an other error here?

thanx


ton

 

[Joy]

Hi,
Though you mentioned that you are using Windows Authentication but you
didn't mention the reason behind it. However, i would presume that users
accessing your site have Windows Account on the server (or Active Directory).

Well, the good news is you can have Integrated Authentication in your case
which means:
1. Windows Authentication in IIS.
2. Forms Authentication in ASP.NET.

The following article will give you good insight about what i am referring to:

http://mvolo.com/blogs/serverside/a...uthentication-and-Windows-Authentication.aspx


I hope this helps.


Do let me know.

regards,
Joy

 

[ton]

I have to be honest ....

I did not think about the authentication anyway, it is the default, but yes.
My users have a windows acount on the server, but I have to admit I let them
log on to my app with a different username and password, which I allready
thought is not a good idea. So I keep the windows authentication, but will
use it the way it should. (I suppoose I should let them fill in the windows
password?, or what else).

thanx, I will study this carefully

(BTW the software isn't beta yet)

Ton