Brandon Montgomery

Reputation: 6986

Session Expires and User is no longer valid

I cache information about the currently logged-in user in the session. This info lazy loads whenever a CurrentUser property on my global application class is used. It does this by calling GetUser() on my custom implementation of MembershipProvider, which either loads the user up from the session, or loads the user from the DB and throws the user object in the session.

How should I handle this scenario?

  1. User logs in.
  2. Administrator deletes user (or deactivates...the point is they can't log in any more).
  3. User's session expires.
  4. User navigates to a page or makes a request, or whatever.

Currently, if this scenario occurs, NullReferenceExceptions are thrown all over the place, because the ASP.NET framework calls GetUser(), which returns nothing because it can't find the user in the database (and there's nothing in the session because it expired).

Upvotes: 0

Views: 422

Answers (2)

dahlbyk

Reputation: 77580

If your app thinks a user is signed in but the user cannot be found, one option might be to use FormsAuthentication.SignOut() to make ASP.NET forget about the user. They should then be kicked back to the login screen or anonymous mode.

Upvotes: 1
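
An added example, not part of the answer above or the asker's code: one place to make the sign-out decision is a single check in Global.asax, so a forms-authentication ticket that outlives its account is revoked before any page code touches the missing user. It assumes Forms authentication, that the custom provider is the configured default membership provider, that a deactivated account is reported through `IsApproved`, and that the application class is named `Global` (hypothetical).

```csharp
// Global.asax.cs -- added illustration; class name and the IsApproved
// mapping for "deactivated" are assumptions, not taken from the question.
using System;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // PostAcquireRequestState runs after session state is loaded, so a
    // GetUser() implementation that caches the user in Session can read it.
    protected void Application_PostAcquireRequestState(object sender, EventArgs e)
    {
        // Anonymous requests carry no ticket to revalidate.
        if (Context.User == null || !Context.User.Identity.IsAuthenticated)
            return;

        // Membership.GetUser() asks the configured provider for the user
        // named in the current identity; null means the account is gone.
        MembershipUser user = Membership.GetUser();

        if (user != null && user.IsApproved && !user.IsLockedOut)
            return; // account still exists and may sign in

        // The ticket is still cryptographically valid but the account is
        // not: expire the auth cookie and drop any cached session data.
        FormsAuthentication.SignOut();
        if (Context.Session != null)   // null for handlers without session state
            Context.Session.Abandon();

        // RedirectToLoginPage() does not end the request on its own, so
        // skip straight to EndRequest to keep the page from executing.
        FormsAuthentication.RedirectToLoginPage();
        CompleteRequest();
    }
}
```

With the caching described in the question, a deleted or deactivated account is only noticed once the cached session copy is gone, so the session timeout bounds how long a removed user keeps access.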

nw.

Reputation: 5155

Throw an exception from GetUser() if you're going to return null. Then you can have the Application_Error event trap that specific exception and redirect to your login page.

Upvotes: 0
