If I have set the forms authentication timeout to 30 days (in minutes) and I have set the session timeout to 5 mins, and I am using a cookie to persist the different session variables, why does ASP.NET or IIS always issue a 302 and redirect to the login page when the session times out? (Doing HTTP debugging, it puts an "object moved to here" message.)

I am checking the session in every Page_Init on all pages, since they all inherit from a common Page class; if I find a faulty session, I load the session variables from the cookie mentioned above.

My question is, who or what is redirecting to the login page!!?

I have tested this on IIS6 & IIS7 with identical results.

I have put breakpoints on every single redirect statement and they never fired, and hence I have concluded that something else is issuing those redirects.

Further debugging revealed the following:

A first chance exception of type 'System.Threading.ThreadAbortException' occurred in mscorlib.dll
An exception of type 'System.Threading.ThreadAbortException' occurred in mscorlib.dll but was not handled in user code

But I guess that is natural since it is issuing a redirect anyway.

+1  A: 

It is the forms authentication that does this. If you are not authenticated, forms authentication will send you to the loginUrl.

See: http://msdn.microsoft.com/en-us/library/ff647070.aspx

The reason why you cannot debug this is that forms authentication takes the request before it gets to your code.

It is also covered at the end of this article

Edit

From the second link above:

Issue scenario: The forms authentication may time out before the timeout attribute value that is set in the configuration file

If the forms authentication ticket is manually generated, the time-out property of the ticket will override the value that is set in the configuration file. Therefore, if that value is less than the value in the configuration file, the forms authentication ticket will expire before the configuration file timeout attribute value and vice-versa. For example, let's assume that the timeout attribute is set to 30 in the Web.config file and the Expiration value of the ticket is set to 20 minutes. In this case, the forms authentication ticket will expire after 20 minutes and the user will have to log on again after that.

Shiraz Bhaiji
But shouldn't it be authenticated since I am using a BIG timeout value? How do I get around this?
a b
Try increasing the session timeout; forms authentication uses the session, not just the cookie.
Shiraz Bhaiji
Problem is, we are getting null session variables for random reasons, and hence the cookie that I am using to persist the session variables.
a b
When this happens, do all users get thrown out or just one?
Shiraz Bhaiji
All users are thrown out, but I don't think it is related to an IIS recycle.
a b
a b
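
The scenario quoted in the answer (a manually generated ticket whose Expiration overrides the Web.config timeout) can be checked with the following added example, which is not code from the question or the answer. `TicketHelper`, `SignIn` and `LogTicketState` are hypothetical names, and `FormsAuthentication.Timeout` assumes .NET 4.0 or later.

```csharp
using System;
using System.Diagnostics;
using System.Web;
using System.Web.Security;

public static class TicketHelper   // hypothetical helper, added for illustration
{
    // Issue the ticket manually, but take its lifetime from <forms timeout="...">
    // so the ticket's Expiration cannot silently undercut the configured value.
    public static void SignIn(HttpResponse response, string userName, bool persistent)
    {
        DateTime now = DateTime.Now;
        DateTime expires = now.Add(FormsAuthentication.Timeout); // assumption: .NET 4.0+
        var ticket = new FormsAuthenticationTicket(
            1, userName, now, expires, persistent, string.Empty,
            FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath
        };
        if (persistent) cookie.Expires = expires; // otherwise a browser-session cookie
        response.Cookies.Add(cookie);
    }

    // Call from Application_BeginRequest in Global.asax: records what the ticket
    // looks like on each request, before any redirect to loginUrl is issued.
    public static void LogTicketState(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
        {
            Trace.WriteLine("forms auth: no ticket cookie on " + request.RawUrl);
            return;
        }
        try
        {
            FormsAuthenticationTicket t = FormsAuthentication.Decrypt(cookie.Value);
            Trace.WriteLine(t == null
                ? "forms auth: ticket could not be read"
                : string.Format("forms auth: user={0} issued={1:o} expires={2:o} expired={3}",
                                t.Name, t.IssueDate, t.Expiration, t.Expired));
        }
        catch (Exception ex) // ticket no longer decrypts or validates
        {
            Trace.WriteLine("forms auth: ticket rejected: " + ex.Message);
        }
    }
}
```

An `expired=True` line with an `expires` value earlier than the configured timeout points at the ticket being issued with its own shorter Expiration, while a "ticket rejected" line means the cookie arrived but could not be decrypted or validated with the current machineKey.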