What to do with Authentication/Session Timeout?

[Simon Says]

Hi,

I've a login page in which after authenticating it via the Oracle DB, I will
stored the user information into the Session. However, when the Session
timeout occurs, all of the user information will be lost.

I've tried doing a Reponse.Redirect call back to my login page whenever I
detected the Session is null, but I kept getting the exception saying "...
Redirect not all in Page Callback".

Could anyone give me some pointer how I should approach this issue.

Thanks,
Simon

 

[Mark Rae]

I've a login page in which after authenticating it via the Oracle DB, I
will stored the user information into the Session. However, when the
Session timeout occurs, all of the user information will be lost.

I've tried doing a Reponse.Redirect call back to my login page whenever I
detected the Session is null, but I kept getting the exception saying "...
Redirect not all in Page Callback".

Could anyone give me some pointer how I should approach this issue.

Have you tried Server.Transfer instead of Response.Redirect...?

 

[Simon Says]

Yes. Tried that and am still getting the same error message.

I've alot of client side javascripting in my code. I placed my Redirect call
in the Page_Load event in the .vb code. When the javascript code triggered
the Redirect, I'll have the error. But, when I execute a server control
event, like a clicking a button that do a postback, my Redirect works fine.

--Simon

 

[Mark Rae]

I've alot of client side javascripting in my code.
OK.

I placed my Redirect call in the Page_Load event in the .vb code.

Ah - that might explain it...Does your page have other Page events (e.g.
Page_Init, Page_Prerender, Page_Unload etc)...

I've encountered similar issues with Response.Redirect - e.g. if you place
Response.Redirect in your Page_Init method, the Page_Load method will still
fire, but if you use Server.Transfer, the transfer will happen
immediately...

When the javascript code triggered the Redirect, I'll have the error.

??? What do you mean exactly - how is your client-side JavaScript making a
call to Response.Redirect...?

Generally speaking, I do all of this stuff in a base class which all pages
inherit, or which the MasterPage(s) inherit(s):

public class BaseMasterEvents : Page
{
public BaseMasterEvents()
{
this.PreInit += new EventHandler(BaseMaster_PreInit);
}

private void BaseMaster_PreInit(object sender, EventArgs e)
{
if (Session.IsNewSession)
{
Server.Transfer("~/sessionTimedOut.htm", false);
}
}
}

 

[Simon Says]

Yes. My page does has Page_init, and Page_Load events.

I'm working with some controls with AJAX functionality. Basically the tree
node click, in AJAX, will invoke a grid event in the server side to query
from DB, and display out the results ... all without having the page to
refresh. But, the page events still follows as if it's a postback action.So
.... when I do a tree node click, it will
1. Page_init
2. Page_load
3. grid_InitializeDataSource (this query the DB)
4. Page_init
5. Page_load

I've placed my session checking in the Page_Init event, and tried both
Redirect and Server.Transfer; and both giving me the same exception. I've
also tried your suggestion and do it in my master page PreInit event, and
I'm also getting the same exception.

I got desparate and tried ClientScript.RegisterStartUpScript to do a
"window.location.replace(login.aspx)" and it too doesn't do anything.

--Simon

 

[Mat]

why dont you increase the timeout in web.config?

 

[Mark Rae]

Yes. My page does has Page_init, and Page_Load events.
Ah...

I'm working with some controls with AJAX functionality. Basically the tree
node click, in AJAX, will invoke a grid event in the server side to query
from DB, and display out the results ... all without having the page to
refresh. But, the page events still follows as if it's a postback
action.So ... when I do a tree node click, it will
1. Page_init
2. Page_load
3. grid_InitializeDataSource (this query the DB)
4. Page_init
5. Page_load

You appear to be loading the page twice - why do steps 4 and 5 occur?

I've placed my session checking in the Page_Init event, and tried both
Redirect and Server.Transfer; and both giving me the same exception. I've
also tried your suggestion and do it in my master page PreInit event, and
I'm also getting the same exception.

Hmm - MasterPages don't have a PreInit event, so I'm assuming you're doing
the same Page inheritance stuff as I am...

I'm starting to run out of ideas now...

 

[Mark Rae]

why dont you increase the timeout in web.config?

ROTFLMAO!!!

When you get a warning light in your car, do you just do the Homer Simpson
fix by putting a strip of tape over it...?

 

[Simon Says]

Well ... coz my boss disagree to it

I'm using a longer timeout for a temp. fix now, but ... the site just feels
more professional if it can re-direct whenever the timeout occurs.

 

[Olaf Rabbachin]

Hi,

I've a login page in which after authenticating it via the Oracle DB, I will
stored the user information into the Session. However, when the Session
timeout occurs, all of the user information will be lost.

I've tried doing a Reponse.Redirect call back to my login page whenever I
detected the Session is null, but I kept getting the exception saying "...
Redirect not all in Page Callback".

maybe I misunderstand something, but have you tried something like:

If Session("User") Is Nothing then
FormsAuthentication.SignOut()
FormsAuthentication.RedirectToLoginPage()
Return
End If

Cheers,
Olaf

 

[Simon Says]

I think step 4 and 5 occurs coz the initializeDataSource event. In step 3, I
got the dataset and stored it in the Cache, then in Step5, I assigned the
dataset from the Cache and blind it to my grid.

Ya ... I've the PreInit in the child page; not in the master page.

Man ... this web development thinggy is not as easy as I though. Thanks for
all your ideas though.

 

[Mark Rae]

I think step 4 and 5 occurs coz the initializeDataSource event.

Nope - something is causing your page to load twice...

In step 3, I got the dataset and stored it in the Cache, then in Step5, I
assigned the dataset from the Cache and blind it to my grid.

That's surely not right...you must be loading the page twice...

Why do you need to store the dataset in Cache?

 

[Juan T. Llibre]

re:

Man ... this web development thinggy is not as easy as I though.

I have to chuckle a bit at that. We *all* went through that phase.

Don't let it faze you.

A correct assessment of the difficulties involved in learning
anything is often the first step towards mastering a subject.

The worst thing anybody could do is underestimate a challenge.

Take things one day at a time.
Solve today's problem's today, and let tomorrow's problems be solved tomorrow.

Carry on. You'll do fine with your kind of attitude.

 

[Simon Says]

Well ... even if it load twice ... in the 1st Load or Init, my Redirect or
Server.Transfer should work; but they are giving me the same Callback
exception. Right?

Sorry ... I use the Session to store my dataset, not the Cache. The reason
I'm storing it is because if the dataset already exist, I'll not requery the
DB again.

 

[Simon Says]

Thanks for the encourgement Juan. It's just that working on the weekend
makes me a little cranky

 

[Simon Says]

Yes. I've tried that too, and it also gives me the same Callback exception.
I tried, in my web.config, to have the following statement ...

<authentication mode="Forms">
<forms loginUrl="login.aspx" timeout="10" />
</authentication>

When timeout occurs, the page still doesn't redirect itself to the login
page. However, I tried adding in a button that does nothing, and when time
out occurs, clicking on the button will triggers a postback in which it will
redirect to the login page. This is the closest I got, but it doesn't solve
my problem because in my website, in most cases, the session will timeout
when user does a AJAX/javascript/client-side action (like a tree node
click).

 

[Mark Rae]

Well ... even if it load twice ... in the 1st Load or Init, my Redirect or
Server.Transfer should work; but they are giving me the same Callback
exception. Right?

Without knowing why it's failing, it's impossible to say... However, there
really should be no need for the page to be loading twice - that should
certainly be addressed...

Sorry ... I use the Session to store my dataset, not the Cache.

Aha - think we might be getting somewhere now...

You're persisting a dataset in Session, which is fine for data which
(almost) never changes, but your app is failing when the Session times out.

Could it possibly be that your page is trying to reference the dataset held
in Session BEFORE it determines that the Session has timed out...?

 

[Simon Says]

Nope ... I have my checking in the very 1st line, therefore, if there's a
session timeout, it will never reach to the line where it's referencing the
dataset in the Session.

 

[Olaf Rabbachin]

Hi,

Man ... this web development thinggy is not as easy as I though.

I have to chuckle a bit at that. We *all* went through that phase.
[...]
Carry on. You'll do fine with your kind of attitude.

thanks from me as well - guess Simon and me are in the same boat (and no
shore in sight yet ... But hey, apart from all the hassle I'm still
having lots of fun with it, and learning something new every day isn't bad
either.

Cheers,
Olaf

 

[Olaf Rabbachin]

Hi,

Yes. I've tried that too, and it also gives me the same Callback exception.
I tried, in my web.config, to have the following statement ...

<authentication mode="Forms">
<forms loginUrl="login.aspx" timeout="10" />
</authentication>

When timeout occurs, the page still doesn't redirect itself to the login
page. However, I tried adding in a button that does nothing, and when time
out occurs, clicking on the button will triggers a postback in which it will
redirect to the login page. This is the closest I got, but it doesn't solve
my problem because in my website, in most cases, the session will timeout
when user does a AJAX/javascript/client-side action (like a tree node
click).

hmm. I haven't ever (which isn't all that long anyway) used a
timeout-attribute within the authentication-tag. In my web.config, I'm
setting the timeout within my sessionState-tag, as in:
<sessionState mode="InProc" timeout="20"/>
As an alternative, you might also set the timeout for your application
within your website's IIS-settings. But I guess that won't make any
difference ...

Cheers,
Olaf