Expiry in Forms authentication

[Guest]

Hello,

I have an web site which uses forms authentication. The
application uses frames. When the authentication time out occurs and if we
click on any one of the frames, each individual pages shows login page.
Is there any way out to show login page in whole page and not in
each individual frames. Else if there any event which is called when the
authentication cookie expires.

Thanks,
Sushi

 

[Nicholas Paldino [.NET/C# MVP]]

Sushi,

Frames are BAD (this is only one of the reasons).

The only way I can think to do this would be to have a handler in
Javascript for each page in the site. Basically, if the handler detects
that the page being loaded is a login page, then it should traverse the
frame heiarchy to the parent window, and force that window to reload.

However, this might not be possible, due to security issues (cross frame
scripting and the like). On the other hand, it might be allowed if all the
pages are from the same site.

Hope this helps.

 

[Nicole Calinoiu]

The easiest way to handle this is in the login page itself. Using
client-side javascript, simply detect whether the login page is loaded in
the topmost browser window. If not, redirect the topmost window to the
login page. e.g.:

if (window != window.top) window.top.location.href = window.location.href;

Of course, this is likely to interfere some with post-login redirection.
Then again, the usual approach in a framed site is to redirect to the main
frame after even a post-timeout login, so perhaps this is something your
users can accept. If not, it is possible to set up a frameset to accept its
frame sources as request parameters, but care should be taken to ensure that
such a mechanism cannot be used to load pages from other sites inside your
frameset.

HTH,
Nicole