Timeouts: session and authentication

  • Thread starter: mircu

mircu

Hi,
I need a quick solution to make my application behave correctly when one
of these timeouts occurs. I have some logic in session_start, but when
the authentication cookie times out the user is redirected to the login
page, and after a successful login the session is not started. I'd like to
have one timeout, and when it occurs the user must log in and then the new
session is started. TIA.

Regards,
mircu
 
You have to watch out for when auth is OK, but session expires. This is
the really tricky situation. To check, just create a Session var of
your own when the session starts:

Session("tester") = 1

Then always test (on every page) whether that var is equal to 1; if not,
then you know the session has timed out. If needed, log them out of forms
auth and they have to log in again.

If auth timeout happens first (or perhaps when they are for some reason
redirected to the login page), just Abandon the session, since it seems
you want to restart it with their login.

Also, if possible, set the timeouts for each to the same values (auth
and session timeouts) to help alleviate the chance of this.
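
The suggestions in this reply combined into one sketch, as an added example that is not code from the thread. It assumes the marker is set at login rather than in Session_Start (Session_Start also runs for the empty replacement session created after a timeout, so a marker set there would never be missing); `SessionGuard` and its method names are hypothetical, and `ASP.NET_SessionId` is the default session cookie name.

```vbnet
Imports System
Imports System.Web
Imports System.Web.Security

' Global.asax.vb (added example, not code from the thread)
Public Class Global_asax
    Inherits HttpApplication

    ' Runs on every request once session state has been attached to it.
    Sub Application_PostAcquireRequestState(ByVal sender As Object, ByVal e As EventArgs)
        Dim ctx As HttpContext = HttpContext.Current
        ' Requests without session state, and anonymous requests, are not checked.
        If ctx.Session Is Nothing OrElse Not ctx.Request.IsAuthenticated Then Return

        ' Auth ticket still valid but marker gone: the session timed out and
        ' ASP.NET handed out an empty replacement. Force a fresh login.
        If Not SessionGuard.HasMarker(ctx) Then
            SessionGuard.Reset(ctx)
            FormsAuthentication.SignOut()
            FormsAuthentication.RedirectToLoginPage()
            CompleteRequest() ' the redirect alone does not stop the page from running
        End If
    End Sub
End Class

' Hypothetical helper shared by Global.asax and Login.aspx.
Public NotInheritable Class SessionGuard
    Private Const MarkerKey As String = "tester" ' same key as in the thread

    Private Sub New()
    End Sub

    Public Shared Function HasMarker(ByVal ctx As HttpContext) As Boolean
        Dim value As Object = ctx.Session(MarkerKey)
        Return TypeOf value Is Integer AndAlso CInt(value) = 1
    End Function

    ' Call from Login.aspx on its first (non-postback) load to drop leftover state.
    Public Shared Sub Reset(ByVal ctx As HttpContext)
        ctx.Session.Abandon()
        ' Abandon() keeps the old session ID cookie; blank it so a new ID is issued.
        ctx.Response.Cookies.Add(New HttpCookie("ASP.NET_SessionId", ""))
    End Sub

    ' Call from Login.aspx on the postback, right after credentials are validated.
    Public Shared Sub MarkLoggedIn(ByVal ctx As HttpContext)
        ctx.Session(MarkerKey) = 1
    End Sub
End Class
```

Giving the `timeout` attributes of `<forms>` and `<sessionState>` in web.config the same number of minutes narrows the gap but does not remove it: the session timer resets on every request, while a sliding forms ticket is only renewed once more than half its lifetime has elapsed.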
 
Craig said:
You have to watch out for when auth is OK, but session expires. This is
the really tricky situation. To check, just create a Session var of
your own when the session starts:

Session("tester") = 1

Then always test (on every page) whether that var is equal to 1; if not,
then you know the session is timed out, if needed, log them out of forms
auth and they have to login again.

Thank you. I did something similar already.

Craig said:
If auth timeout happens first (or perhaps when they are for some reason
redirected to the login page), just Abandon the session, since it seems
you want to restart it with their login.

How do I detect the auth timeout? Check it in Application_BeginRequest?

After some investigation I've found something strange in the IIS logs:
10:21:46 127.0.0.1 GET /app/images/ 403
10:21:46 127.0.0.1 GET /app/images/ 403
10:21:46 127.0.0.1 GET /app/images/ 403
10:21:46 127.0.0.1 POST /app/MainWnd.aspx 302
10:21:46 127.0.0.1
QURRMEJFUUFBQUFVQUFBQUpGZ0FBQUFjQUFBQUhBQUFBRUJJQUFBQVFBQUFBQ1JjQUFBQUpCQUFBQUFrWkFBQUFEUTBCRXdBQUFB
/app/Login.aspx 403

This is after the session or auth times out. Why does the login page get
status 403? It should be shown correctly. And what is the string in the
method part of the logs (it looks like a session ID)?

Regards,
mircu
 