views:

34

answers:

3

I want my application to log out the logged in user and take them to the Loing.aspx page as soon as the Session times out. The user should be logged out without any event being triggered. I have tried making changes in authentication mode but all in vain...

A: 

Web Forms are not like Windows Forms, but you might play with it a bit.

You can't catch a Session.End event and redirect the user to somewhere else, but you might play with cookies. Sessions expires, cookies' expiration is controlled by your code.

The first thing that comes into my mind is to set a cookie after login, then at every page load check

if (cookie is present && Session["LoggedIn"]==null)
    Response.Redirect("Login.aspx");

This is a brute hand-written pseudo code that might help you make an idea.

But another question rises: if you are in a protected area and session expires, ASP.NET, as soon as you configured authentication well should automatically bring you to the login page.

By "well configuring" I mean following all the standard procedure to create protected areas within your web application and using Forms authentication: RTFM for that http://www.asp.net/security/tutorials/an-overview-of-forms-authentication-vb

djechelon
A: 

If your forms authentication is properly setup (Like mentioned here) , and given that you anyways don't want to trap any event on session timeout, then ideally if user is InActive for 20 mins (which is the default session timeout time unless you changed it), application would automatically redirect any next request to Login.aspx. But make sure that you followed all steps given in the above link (basically correct authentication and authorization tag etc).

Subhash Dike
I'm guessing that the asker here wants the user's browser to be taken to the login.aspx page as soon as the session times out on the server, as opposed to being taken there the next time the user tries to access another page.
MusiGenesis
A: 

Try adding following tag under <system.web> in web.config

<sessionState mode="InProc" timeout="200"></sessionState>

kapil