CODEWITHSUNDEEP
c#asp.netasp.net-mvc-4timeoutforms-authentication
user2277720
user2277720

Reputation:

Application Logging user off after being idle 10 mintues

I am doing a group project with 4 other people. We are designing a job kiosk in ASP.NET in MVC4 with embedded c# and Razor. It generates dynamic web pages from a server. We are using Visual Studio 2010 SP1 with Microsoft SQL Server 2008 R2 SP1 in a Windows 7 environment.

I am working on having the system log the user out if they are idle for 10 minutes. I need some help on how to start coding a way for the system to log the user out. I am basically coding a controller with editing the views(web pages) that the other members in my group have done. This way the timer starts on all the view pages.

Upvotes: 3

Views: 2305

Answers (2)

Erik Funkenbusch
Erik Funkenbusch

Reputation: 93444

You would typically set the expiration value on the FormsAuthentication ticket, using a sliding window.

http://support.microsoft.com/kb/910443

<authentication mode="Forms">
   <forms name=".ASPXAUTH" loginUrl="~/Account/Login" protection="All" 
      timeout="10" path="/" slidingExpiration="true" />
</authentication>

If you're using the default [Authorize] attribute of MVC, and using WebSecurity then this should automatically work. If you're issuing your own forms authentication ticket, then you may have to set the values explicitly.

Others have mentioned the Session timeout, but beware of two things. First, you should never do any kind of authentication related to Session, and second Session timeout and Authentication timeout are two different things, although you may want to keep them synchronized. That's harder to do with the sliding window though.

Upvotes: 5

Dan Hunex
Dan Hunex

Reputation: 5318

You can control the session with the following entry in the Web.config, e.g.:

<configuration>
    <system.web>
        <sessionState timeout="2" />
    </system.web>
</configuration>

Upvotes: -1

Related Questions