Hey all,

Weird problem here: we're running a few mixed-environment web applications that use Windows or Forms authentication depending on where the user comes from.

I'm curious how everyone else might be handling expired sessions to avoid the errors you would get from someone leaving an idle session open for too long and then trying to resume work, mainly looking for best practices on the subject.

Any suggestions or opinions would be greatly appreciated.

Thanks,

+1  A: 

I'm not sure how your authentication method affects session timeouts; the mechanism they use to get in shouldn't affect how long they can stay in.

Generally speaking, if someone does have an expired session, you can add code to check to see if their session is active. If it isn't, just redirect them to a login page, or display some other friendly text.

Basically something like:

if (Session.IsNewSession) 
   Response.Redirect("login.aspx");
AaronS
Where would you suggest the DRYest place would be for that check?
thismat
It really depends on the structure of your site. If you use a master page, you could add it in its Page_Load or Page_Init. If you have a shared user control, you can add it to its Page_Init. You could also just add it manually to the Page_Load of every page that uses session data.
AaronS
I don't like the idea of maintaining something over that many pages. We're doing the master page and it's working out great, thanks.
thismat
A: 
  • Don't store unnecessary information on the session.
  • If you are storing something you can reload, have the appropriate code that will reload it if it wasn't found in the session
  • Consider if some processes are meant to be handled in long periods of time, in which case save intermediate info to the database.
  • If the user is doing a process that uses the session, and the data is missing, take them to step 1 (not much you can do about it, if you don't have the info elsewhere).
eglasius
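An added example, not code from either answer: the master-page check from the first answer combined with the reload-on-miss pattern from the second. The class name `SiteMaster`, the `expired=1` query string and the `GetOrReload` helper are assumptions made for illustration.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;

// Hypothetical master page code-behind. The class name is made up, and
// "ASP.NET_SessionId" is the default cookie name (sessionState cookieName).
public partial class SiteMaster : MasterPage
{
    protected void Page_Init(object sender, EventArgs e)
    {
        if (!SessionTimedOut()) return;

        if (Context.User != null && Context.User.Identity is FormsIdentity)
        {
            // Forms users: drop the ticket and let ASP.NET build the login
            // URL. It appends ReturnUrl itself, so no redirect target is
            // taken from user input here.
            FormsAuthentication.SignOut();
            FormsAuthentication.RedirectToLoginPage("expired=1");
            // RedirectToLoginPage does not end the request, so end it here.
            Response.End();
        }
        // Windows users are still authenticated by IIS, so they continue
        // and lost values are rebuilt through GetOrReload below.
    }

    // IsNewSession alone is also true for a first-time visitor. A new
    // session plus an old session cookie in the request means a timeout.
    private bool SessionTimedOut()
    {
        return Session.IsNewSession
            && Request.Cookies["ASP.NET_SessionId"] != null;
    }

    // Reload-on-miss: read a session value, rebuilding it when it is gone.
    public T GetOrReload<T>(string key, Func<T> reload) where T : class
    {
        var value = Session[key] as T;
        if (value == null)
        {
            value = reload();
            Session[key] = value;
        }
        return value;
    }
}
```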