If Admin Block User Then Session Should Be Expired
Jul 12, 2010Is there anyway to implement this.If admin block a user then session of that current user should be expired in ASP.NET
View 1 RepliesIs there anyway to implement this.If admin block a user then session of that current user should be expired in ASP.NET
View 1 RepliesI have developed a ASP.NET application,I have used sessions for parameter passing.I dont want to let the user to enter data when the session expired.Please suggest me how to do that.
View 1 RepliesIn our project, we have a situation where the administrator needs to 'force log off' a particular user under certain conditions. In other words, the admin user needs to have the ability to kill any other user's session.Is this possible? By using the session properties, we can kill the current session (the current user's session) but is it possible (for the admin user) to kill some other user's session?
View 1 RepliesI have a page where, when the user has successfully logged in, I store some values in the session.
I then use these values to load an application list page. This page is automatically refreshed after 20.1 minutes, with the sessionstate timeout and forms timeout in web.config set to 20 minutes (with sliding expiration). This means, if the user does not use any page for more than 20 minutes, he is timed out.
My problem is that the User.Identity.IsAuthenticated sometimes returns true, when the session has expired.
Why is this happening, and how can I fix it?
I am looking for a way to distroy the ASP.net membership session for a specific user. The reason I am doing this is as an admin I want to delete a user. This works fine, but if the user already has an active session, he is still marked as "online" until this session dies (I verify each time by using Current.User.Identity.IsAuthenticated). How do I go about killing a session based on the user it's authorized as. This way when I do Memberships.DeleteUser(username) I can also do Sessions.KillByUser(username)[URL]
View 2 RepliesI have an aspx page that has all its controls inside the scriptmanager and update panel.
I want to send the user to sessionexpired page after 20 mins of inactivity.
For this, I am writing the below code on page_load
Response.AppendHeader(
"Refresh", Convert.ToString((Session.Timeout * 60) + 10) &
"; URL=SessionExpired.aspx")
But the page is going to sessionexpired page after 20 mins even if the user is working on the page.
I think since I have all my controls in an update panel it is not doing a complete postback and hence the session object is not getting refreshed.
I have a problem by getting session which created for new site visit or session expired.
View 3 RepliesI'm developing an extra section to a web app that's written in asp.net, but in php - it's mostly done (the two parts don't really communicate with each other outside of a database - the integration is mostly just cosmetic.)
The only issue I have is detecting from the php part when the .net session has expired so that it logs the user out and redirects to the login page.
I believe the asp.net application is compiled, but either way I'm not allowed to alter it so I was thinking maybe the best thing to do would be to make a very small/simple aspx page that outputs true or false which I could call using curl from php (and passing the browser's cookies along.)
Would this even be possible? I'm not sure how session security works on asp.net eg whether one .net application can read another's session variables, but if it's anything like php then it'll be possible.
mypage.php --curl--> checksession.aspx --|
| |
<----------- true / false <---------------
So mypage issues a GET (with cookies from browser) to checksession using curl, checksession simply returns a true or false (or something like that) and mypage redirects to the site's login page if that's false.
The authentication for the php side is already sorted out and is separate to this issue.
So really, what I need to know is can I have just a simple .aspx file that does this check, and if so where would I go to to find out how to program such a simple page?
I am new in dot net i create a website. and managed session variable to stored logged-in user information.when someone close the browser, session still exit or db not update.
View 3 Repliesi am using session of username after login, it works fine usually, but sometimes it gets expiredon any pages randomly...it is expiring on both local host and the live server.
View 6 Repliesi am new to the MVC 1.0 development. in my application i am using ascx files to display in the JQUERY UI Tabs, when session is Expired i am rediretin it to the Login page.but the Login page is dispalying in the Tabs.
Code :
return RedirectToAction("login",
"Account");
i want to dispaly login page as a whole page not in the TABS.
I am creating a web application using ASP.Net. I am using session in my application.
There is one scenario where I am trying to access session variable through Javascript. It is working fine, when I m accessing it in normal state. But after session expiry, if click on any button, it throws exception and behaves abnormally, resulting in page not found.
Here is the code I am using;
var TransactionID = '<% =((Hashtable)(Session["SessionData"]))["TransactionID "] %>';
if(TransactionID !='')
{
//action
}
I am trying to achieve something like of sort in c#;
String lsStr;
if(null != lsStr)
{
//action
}
The Scenario:
I have a situation where I need to pass some session variables to an ASPX page, inside a DNN module. This page is then transferred to Winnovative's PDF publishing component's in the form of a byte array. The component returns a PDF document in the result, furthermore that PDF document is then emailed to the customer.
The Problem:
The session gets expired when the ASPX page is called (hosted as a part of DNN web project on IIS) to pass it to Winnovative. It was noticed that the session expired when ever I request the page (by any means) and a new session on that page is created.
Is there any workaround (without involving a database) that I can access those session variables (it is a dataset) from that particular ASP.NET page?
Is there any possibility to check whether a particular session has got expired or not?
View 1 RepliesI'm using the code below in the we.config file.
<sessionState mode="InProc" cookieless="false" timeout="30"/>
There is no issue with the session expiration locally, but the same web application logouts frequently when I uploaded it to the webserver. The session no longer keep it's state for 30 minutes when the application left idle for some time.
I need functionality that will allow to discard objects from session if they are not used in specified amount of time. It is simmilar to Cache timeout functionality.
Is there any session provider (possibly free) or pattern that achieves that?
Can anyone tell me how to detect when a users session has exipred in asp? I want to redirect users to a logged out page once the session has expired.
View 3 Replieswhen i run my web application in my system the session not expired during access of the pages, but when i launch application in the remote server the session expired during access of the pages
i specifiy the session time out in web.config as follows
<sessionState mode="InProc" cookieless="false" timeout="30" />
But i don't know what the problem is
URL... it will show me this page but if i click on reply it will through me back to login page , ok i assume that would be a session variable checking for validation , but after login , it must take a user to default aspforums.net website , but it won't , it takes a user back to the page where he clicked the button and was thrown away ... i want to achieve this thing , how is it done ? bcx in my application my login url is Login.aspx , and my default url after which everytime users get into after successful login is dailyLog.aspx , now if he after login goes to abc.aspx page and session expires there , he gets back to login page , but after Re-Login , he again gets back toURL... because at LoginBtn Click event i have redirected him to DailyLog , but that's what i don't want , i want my default page to be DailyLog , but if session expires user would be send back to abc.aspx page ...
View 1 RepliesHeres my code :
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="50" />
</authentication>
<sessionState timeout="60" />
</system.web>
[Code] ....
but my session expires message shows after 1 minute .... whats that ???
I referred this article , bcx it was easy : [URL] ....
I receive the error message "Error: Your session has expired. Please refresh your browser." When I export a table in ASP to Excel. I know for a fact that the correct data to export exists. Everything works fine except for this error message. I don't see how the session on a browser could run out in a matter of the one second it takes for the Excel file to pop up
View 2 RepliesI am getting "ASP.NET session has expired" error when viewing a (SQL server reporting services) report using report viewer control. sometimes it works fine and sometimes I get this error, it works fine in Dev, but not in test environment. Please let me know if you have any clues.here is the code for the report viewer control.
ReportViewer1.ServerReport.ReportServerUrl =
new Uri(System.Configuration.ConfigurationManager.AppSettings["ReportServerUrl"]);
ReportViewer1.ServerReport.ReportPath = System.Configuration.ConfigurationManager.AppSettings["ReportPath"];
ReportViewer1.ServerReport.SetParameters(new List<ReportParameter> { new ReportParameter("key", "value") });
ReportViewer1.DataBind();
What might cause this? Seems to be happening at random on a site I created. A user will for example be filing in a form, and when they click Save, it will flash to the login page as if the session has expired, but it will still show them logged in, and if they click back and save again it will work. It's not confined to the one page either, it just seemingly at random acts like the session has expired when it hasn't.
View 7 RepliesI found a great answer on SO describing how to set up custom user roles, and I've done the same in my project. So in my Login service I have:
public ActionResult Login() {
// password authentication stuff omitted here
var roles = GetRoles(user.Type); // returns a string e.g. "admin,user"
var authTicket = new FormsAuthenticationTicket(
1,
userName,
DateTime.Now,
DateTime.Now.AddMinutes(20), // expiry
false,
roles,
"/");
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(authTicket));
Response.Cookies.Add(cookie);
return new XmlResult(xmlDoc); // don't worry so much about this - returns XML as ActionResult
}
And in Global.asax.cs, I have (copied verbatim from the other answer):
protected void Application_AuthenticateRequest(Object sender, EventArgs e) {
var authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null) {
var authTicket = FormsAuthentication.Decrypt(authCookie.Value);
var roles = authTicket.UserData.Split(new Char[] { ',' });
var userPrincipal = new GenericPrincipal(new GenericIdentity(authTicket.Name), roles);
Context.User = userPrincipal;
}
}
Then, in my ServicesController class, I have:
[Authorize(Roles = "admin")]
//[Authorize]
public ActionResult DoAdminStuff() {
...
}
I login as a user with the "admin" role, and that works. Then I call /services/doadminstuff - and I get access denied, even though when I put a breakpoint in Global.asax.cs, I can see that my roles do include "admin". If I comment out the first Authorize attribute (with roles) and just use a plain vanilla Authorize, then I can access the service.
I am currently using the brinkster hosting (Pro Package) but recently they change my hosting to the new one and after that I got an error for sometimes and my session also expired very fast. Below is the feedback from Brinkster.
Thank you for letting us know about your recent experience with your application. From what we are able to find regarding your application problems, they appear to be related to your ms access database. Due to limitations of ms access, you may want to consider updating the database running your website to mysql. A Mysql database is available to your account at no additional charge.
MS access begins to experience issues like database locks (which is what appears to be happening to your application) when there are more than 3 or 4 concurrent connections to the database for reads. MS access is also only able to have one write connection open at any given moment. MS access databases are more susceptible to corruption and data loss than database application built for large application use and Enterprise or corporate use.
When you were hosted on the previous server, your IIS application pool was getting reset many times per day. This action was in effect unlocking your ms access database from its locked state. After we moved you to the new system and raised your memory utilization limit, your application does not receive resets more than one or two times a week. I have lowered your memory utilization from 200 to 100 in an effort to have your application reset more often, unlocking your database if it has began to cause issues.
My question is, do i have a choice to avoid change my database from MS Access to MySQL? Is MS Access database really have such problem as they mension or somethingelse happen on their server?