jomsk1e

Reputation: 3625

Handling Forms Authentication timeout in ASP.net

Can I handle forms authentication timeout in Global.asax? Just like the Session_End in global.asax? Please advise.

I'm setting the timeout for forms auth in my web.config with this:

<forms name="formName" loginUrl="Login.aspx" protection="All" path="/" timeout="30"/>

Thanks to all! :)

Upvotes: 2

Views: 1705

Answers (1)

Aristos

Reputation: 66641

No, you cannot, because the timeout is encoded in the authentication cookie, and it lives in the browser (not on the server side).

You can either make that custom, to also keep the user timeout in a database, but it's not so easy; alternatively, you can use Application_AuthenticateRequest in global.asax to check right before the request whether the user is no longer authenticated.

One example of how to remove session data if the user is not authenticated, in global.asax:

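protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    // get the authCookie (the name comes from the <forms name="..."> setting)
    string cookieName = System.Web.Security.FormsAuthentication.FormsCookieName;
    HttpCookie authCookie = Context.Request.Cookies[cookieName];
    // if it is null then the user is not authenticated
    if (null == authCookie && System.Web.HttpContext.Current.Session != null)
    {
        // now check if you have Session variables that you wish to remove.
        // "as string" makes this a value comparison, not an object reference comparison
        if ((System.Web.HttpContext.Current.Session["flag"] as string) == "1")
        {
            // remove your session data
        }
    }
}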

You may also check with

if (HttpContext.Current.User == null || HttpContext.Current.User.Identity == null || !HttpContext.Current.User.Identity.IsAuthenticated)
{
    // now check if you have Session variables that you wish to remove.
    // "as string" makes this a value comparison, not an object reference comparison
    if ((Session["flag"] as string) == "1")
    {
        // remove your session data
    }
}

Upvotes: 2
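An added example, not code from the answer above: a Global.asax.cs handler that drops server-side session data once the request is no longer authenticated. ASP.NET attaches session state to the request at AcquireRequestState, which runs after AuthenticateRequest, so this version hooks Application_PostAcquireRequestState. It assumes the "flag" marker from the answer is set to "1" at login and that the session cookie keeps its default name.

```csharp
// Global.asax.cs -- added example, not code from the original answer.
using System;
using System.Web;

public class Global : HttpApplication
{
    // Assumption: default session cookie name; change it if
    // <sessionState cookieName="..."> is set in web.config.
    private const string SessionCookieName = "ASP.NET_SessionId";

    // Session state is attached at AcquireRequestState, which runs after
    // AuthenticateRequest, so Context.Session is usable in this event.
    protected void Application_PostAcquireRequestState(object sender, EventArgs e)
    {
        HttpContext ctx = Context;

        // Handlers that do not use session state (static files, for example) have none.
        if (ctx.Session == null)
            return;

        bool authenticated = ctx.User != null
            && ctx.User.Identity != null
            && ctx.User.Identity.IsAuthenticated;
        if (authenticated)
            return;

        // "flag" is the marker from the answer, assumed to be set to "1" at login.
        // "as string" gives a value comparison instead of a reference comparison.
        if ((ctx.Session["flag"] as string) != "1")
            return;

        // The forms ticket is missing or expired but the session still holds the
        // user's data: drop it and expire the session id cookie so that the next
        // login starts with a fresh session id.
        ctx.Session.Clear();
        ctx.Session.Abandon();
        ctx.Response.Cookies.Add(new HttpCookie(SessionCookieName, string.Empty)
        {
            Expires = DateTime.UtcNow.AddDays(-1),
            HttpOnly = true
        });
    }
}
```

With InProc session state, Abandon() also raises Session_End, so cleanup already written in that handler still runs.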
