Reputation: 4247
asp.net session expiry not redirecting page with forms authentication
in my MVC 3 application on login it executes the following:
System.Web.Security.FormsAuthentication.SetAuthCookie(userName, false);
My web.config has the following:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
After that I set a few session variables. Problem is that if I leave a page for long enough for the session to expire, then click on a page then instead of redirecting me to the login screen, it is raising an exception in the controller with the null reference of the session variable.
public ActionResult Fixit(int Id, int cardId)
{
var model = new FixitVM();
model.PointsMaxValue = (int)Session["MAXPoints"];
}
Is this expected behavior? I would have thought the redirect to the login page would happen before this code fired. Is there some configuration I can set to make the redirect happen before it tries to evaluate this code?
Upvotes: 0
Views: 806
Answers (1)
Reputation: 1522
Authentication and session are managed by two different cookies. It's possible that the session cookie has expired while the authentication cookie is still good.
Upvotes: 1
Related Questions
- Forms authentication expires with session
- How to redirect to LogIn page when Session is expired (ASP.NET 3.5 FormsAuthen)
- asp.net mvc redirect to login on session expiry
- Authentication session expires on ASP.NET MVC
- With ASP.NET MVC redirect to login page when session expires
- MVC session expiring but not authentication
- asp.net authentication mode="Forms" timeout not working
- Session expiring and auth cookie remaining
- Asp.net session expiry redirect to login page
- Redirect to page after Forms Authentication Timeout