How To Create A Website That Has A Custom Authentication/session Timeout For Each User
Apr 4, 2011
I am trying to build an ASP.NET site that allows each user to set their own session timeout value. Basically from the user's perspective if they set their timeout value to 30 then that means that after 30 minutes of inactivity they are required to re-authenticate. If they set their timeout value to 0 then that means that they can leave the browser open as long as they want and their session never expires - they never have to re-authenticate. This is different than "remember me" functionality. If they close their browser they will have to re-authenticate.
Currently I am using Forms Authentication in my application and I have one object that I am storing in ASP.NET session. This object is a custom User object that has a number of different pieces of information about the current user.
What code would I need to write so that after successful login, the system has the proper authentication ticket and the proper session expiration value? I keep thinking I have this working and then I notice weird time outs where the system seems to think I am authenticated but my session has expired.
Currently on my login page I am using an ASP.NET login control. i have custom code in the Login_Authenticate event to authorize the user. Then I have the following code in the Login_LoggedIn event to set the auth ticket.
I am trying to force to show to the Logon popup when the session is timeout in Integrated Windows Authentication Enabled website. The session_timeout is firing during the session timeout, but the User.Identity.IsAuthenticated is true. How force to use the Windows Logon Screen when the session is timeout.
I have 3 seperate applications (under the same domain) for which I use Forms authentication with single sign-on.
The 3 applications have different session timeout periods. I was on various articles that when we use forms authentication and specify the loginurl in the <Forms> tag in the web.config, it should automatically get redirected to the login page, when the session timesout. But in my case, it doesn't happen, I think because of different timeout values.
I create an authentication cookie (ticket) with an expiration date of one day.The cookie'sIsPersistent is set to true.
I do not use any session variables.
Session timeout is the default 20 minutes.
Here's the problem:
When the session times out in 20 minutes, the user is redirected to the logon page even though the authentication cookie has not expired.
Why does this happen? I thought the cookie and the session worked independently. Shouldn't the user remain logged in as long as the cookie hasn't expired?
I am using asp.net mvc and jquery to make ajax requests and when the session times out after an ajax request the full sigin page gets loaded into my ajax div.
How can I display a modal popup instead of making a redirect when a session times out?
We have the timeout value set to 120 in our <form> tag within the web.config. We do not have a session timeout set.. and we have various connection strings.
We are having a problem where a session variable will disappear (become NULL) .. but, the form evidently remains 'open'.. or no re-login is required..... so, my question(s):
1. what is the relationship between form timeout and session timeout
In my website, the session is expired after 5 minutes. I need to extend the seesion state to minimum 4 hours. Currently, in web.config file I used the following code.
I have set the authentication timeout and session timeout in web.config is 100 (in minutes).LoginName control shows logged in username and logout link.After 15-20 min LoginName control shows nothing and login link regardless my authentication timeout(which is 100).I can work on that page till server trip is not happen.
My 3.5 app uses Forms Authentication. I create an authentication cookie (ticket) with an expiration date of one day. The cookie's IsPersistent is set to True. I do not use any session variables. Session timeout is the default 20 minutes.
Here's the problem:
When the session times out in 20 minutes, the user is redirected to the logon page even though the authentication cookie has not expired.
Why does this happen? I thought the session and the cookie were independent of each other.
I want to prompt the user when 2minutes will left in session timeout. If user press Yes it refreshes its current session without losing the form data if user select No then it logout its session. I want to know how to capture that two minutes are remaining and how to refresh the current session without losing form data. Im using Asp.Net MVC 2 with JQuery, One more thing Im not using Form Authentication
In our application we are using forms authentication, we have given defaulturl also in the config file. But the problem is that it is not getting redirected to the default url when the session timeout is occuring.
I am building a web app that is limited to one database, therefore I cannot use the ASP.NET config tool. As a quick means of getting this app online, I tried to use a simple session variable. The login page verifies the user's credentials, and if they pass, it sets the session variable to a certain value. All other pages check in the page_load event whether or not the session variable is equal to that value. The problem is that once being logged in for a short while and sending and recieving some data, the session variable resets, and I'm returned to the login page to repeat the process. Here's the basic code from my webforms:
[code]....
Is there some setting I need to change in the web.config file to adjust the cookie timeout or is that only for the config tool authentication methods?
I need to show how to show countdownwhen the user session expire? if users session expire means i need to redirct user to login page.. How can i achieve this?
I have a page of each every click has ajax call to my server (hence, the ASP extends the session)
I have ASP.NET session set to Xmin. I want when X+1 min expires, I have expiration page. what I did was to set the JS timer to validate every x+1min to see if the session expired (the problem is that the JS and the ASP session timeouts are not synced)
I simply want to display a message on the login page when the user is automatically redirected there after requesting a page that they were logged in for but their session has now expired. So essentially if the user was working but stepped away for a lunch break without logging out I want the system to tell them why they were sent back to the login page.
Something like "You have been idle for too long so you must log back in".
This has to be easy I am just running into a wall here. I thought about getting the original ticket and reading the expiration date but I'm a little lost.
i install sql sever 2008 and i want use as a serve side authentication. How to cerate server side loging["userid" , "Password"] it directly apply on sqlserve 2008 not any sqlquery
I am wondering how does this website - stackoverflow handle the user authentication? It accept yahoo, google, facebook, myspace, openID etc to login. And most importantly with asp.net.I want to build something like this too.
I created a user control for my web application that checks for Session Timeout. If the criteria are met for Timeout, I use Response.Redirect to send the user back to the login page. I include this user control in my Master page, and run the SessionTimeoutcode in the user control's Page_Init event. That all works great. However, once the user logs in again after time-out (and I have verified that the OnLoggedIn event does fire) the user is redirected to the DestinationPageUrl. That page runs the Session Timeout check when it loads (as it should) and the Session Timeout code "says" that the session is still timed-out.
I'm working to set up/correct my session timeout code, and have consulted numerous articles like this one and this SO post for ideas on how best to do this. The solution to detecting a session timeout that I continue to see over and over is to first check the Session.IsNewSession property for true, and if so, then check to see if a session cookie already exists. I guess the logic here is that the user has ended their last session that timed out, started a new session, but the old cookie wasn't yet removed. The code for those checks looks like this:
[CODE]...
The problem is that the session does not end, and all of my session timeout checks are in the Home/Customer action (I use MVC). So I'm redirected to Home/Customer, and I run through the checks above, but when I get to Session.IsNewSession, it's false, because the session is still alive (I assume because I'm still within the 120 minutes I have set)
I want some efficient way that how can i display a message to user that he is about to logout after 1 minute if user is idle and doing nothing on the page for 1 mintue.
on message if user want stay online so he must click keep me online or say logout.
