If I have set the forms authentication timeout to 30 days (in minutes) and I have set the session timeout to 5 mins and I am using a cookie to persist the different session variables .. why does asp.net or IIS always always issue a 302 and redirects to the login page when the session times out ? (Doing http debugging it puts an "object moved to here" message)
I am checking the session in all page_init s on all pages since they all inherit from a common Page class, if I find a faulty session i load the session variables from the cookie mentioned above.
My question is, who or what is redirecting to the login page!!?
I have tested this on IIS6 & IIS7 with identical results.
I have put breakpoints on every single redirect statement and they never fired, and hence I have concluded that something else is issuing those redirects.
further debbuging revealed the following:
A first chance exception of type 'System.Threading.ThreadAbortException' occurred in mscorlib.dll An exception of type 'System.Threading.ThreadAbortException' occurred in mscorlib.dll but was not handled in user code
But I guess that is natural since it is issuing a redirect anyway.