Security :: How To Control Session Timeouts
Feb 19, 2010
My web.config file contains:
<system.web>
<membership defaultProvider="AccessMembershipProvider"
userIsOnlineTimeWindow="30">
<providers><clear/>
<add
name="AccessMembershipProvider"
type="Samples.AccessProviders.AccessMembershipProvider, SampleAccessProviders" .... >
</providers>
<membership>
I expected this would set 30 minutes as timeout for inactive sessions, but they seem to be timing out much sooner.
Is there some other way to specify time for session timeout ?
I know I am using an unsupported AccessMembershipProvider which I was forced to do because my host service does not support SQL Server Database (so I am using an Access Database).
However, this AccessDB provider seems to work fine in all other respects. I'm suspecting that the early timeout is because of some other obscure setting.
View 1 Replies
Similar Messages:
Jul 22, 2010
There are various ways to handle session timeouts, like "meta refreshes" javascript on load functions etc.
I would like something neat like: 5 minutes before timeout, warn the user...
I am also contemplating keeping the session open for as long as the browser is open(still need to figure out how to do it though... probably some iframe with refreshing).
How do you handle session timeouts, and what direction do you think i should go in?
View 3 Replies
Jun 22, 2010
I are building a web application which will be deployed to Windows Azure. I want user to set session timeout value which will be stored in Database. Currently I am aware of Web.Config method to set session timeout. i.e.
<sessionState
mode ="InProc"
timeout ="60"></sessionState>
Is there any method to set session timeout value according to User's Preference?
View 5 Replies
Oct 13, 2010
Can I still use Session_OnEnd to trap a session timeout? Is there a better way to trap a session timeout? I want to take the user to a page that tells them the session timed out, and give them an opportunity to re-enter the application in a new session if they wish. How can I accomplish this? Is there still a global.asax file in the .NET 4.0 world?
View 1 Replies
Apr 14, 2010
I need regarding best practice for asp.net session management without using membership. I have design a login page which has two Text boxes and a Login Button. I need a again best practice which authenticate user and save user information in session. So in main page after login I want to check either session is expire or not. I need an complete example. Further more I am using ASP.NET 3.5.
View 5 Replies
Mar 25, 2010
Im new into using login controls in asp.net. I have read some articles about Authorization and Authentication for ASP.NET pages. I store the user details in Sessions once the user successfully login to the site. However, i have a problem experiencing when using the LoginStatus control. When i try to logout of the page it doesn't remove or destroy the Session that i have put into the whole application. Here's the markup of the LoginStatus Control
<asp:LoginStatus id="MasterLoginStatus"
LogoutAction="RedirectToLoginPage" LogoutPageUrl="~/LoggedOut.aspx" runat="server"
onloggingout="MasterLoginStatus_LoggingOut" />
[code]...
View 1 Replies
Feb 3, 2011
I created a user control for my web application that checks for Session Timeout. If the criteria are met for Timeout, I use Response.Redirect to send the user back to the login page. I include this user control in my Master page, and run the SessionTimeoutcode in the user control's Page_Init event. That all works great. However, once the user logs in again after time-out (and I have verified that the OnLoggedIn event does fire) the user is redirected to the DestinationPageUrl. That page runs the Session Timeout check when it loads (as it should) and the Session Timeout code "says" that the session is still timed-out.
View 1 Replies
Jan 16, 2010
I have a file upload to SQL Server 2005 DB that keeps timeing out at different times. I know about the web.config <httpRuntime maxRequestLength="2097151" executionTimeout="180"/> Where else are there times out settings?
View 8 Replies
Nov 22, 2011
I have a web service that sends up to 5000 emails to our customers.
It is called asynchronously from a web application and then chuggs away sending the emails. Generally it works okay. Yesterday, it kept stopping - sometimes after sending a small number (33 first time) and then it might send another couple of hundred - then 50 or so etc. This went on all day as I kept manually calling the web service.
The data (subject, body, fromaddress, replytoaddress etc) is all kept in the database - as are the recipients.
Here's the code that gets the data from the database.
// Create Instance of Connection and Command Object
SqlConnection myConnection = new SqlConnection(ConnectionString);
SqlCommand myCommand = new SqlCommand("CPEmailsToSend_List", myConnection);
// Mark the Command as a SPROC
myCommand.CommandType = CommandType.StoredProcedure;
myCommand.CommandTimeout = 1000;
[Code]....
So I have a dataset containing 3 sets of data - the subject, body etc., a list of attachments and a list of recipients. I then use the .net smtpClient like this:
Code:
//about to start sending emails - update the MessageSendStatus to inprogress
myCommand.CommandText = "CPEmailSendStatus_Update";
myCommand.Parameters.Clear();
myCommand.Parameters.Add("@CPEmailID", SqlDbType.Int).Value = CPEmailID;
myCommand.Parameters.Add("@SendStatus", SqlDbType.TinyInt).Value = 1;
[Code] ....
When the web service stopped (it kept stopping yesterday) - no errors were raised. I have a function on the page that checks the email address is valid before I try to send the email as I know the smtpClient does not like invalid email addresses. Normally, invalid email addresses are trapped and the loop continues and sends the next one etc. But, yesterday, it just stopped sending. No error messages - nothing.
So, I began to wonder if the Command object is timing out. With a lot of email addresses to send to (up to 5000) and half a dozen attachments - the web service can take a long time (hours) to send all the emails. So, is the fact that I am reusing the command object over and over again for different stored procedures the issue? (I do this a lot and have never had a problem before - I read somewhere that the CommandTimeout only counts the time network access is used).
I've been sending test emails all morning (but I can only send small batches as I have a limited number of email addresses I can send test emails to) and they have all worked okay ... but, yesterday, trying to send about 5000 emails took about 30 attempts.
View 1 Replies
Mar 25, 2010
I have a webservice, that when called, calls many other web services based on the information that was sent. I have always left the timeout as the default, or a better way to describe it, I have never changed anything.
How (and where) do I change the timeouts for each service individually. Since I have quite a few now, I want the original transaction to never take more than 30 seconds. That said. I want to go in and change the timeouts for the services I have to ping in that 30 seconds to be 5 to 10 seconds based on which one.
View 2 Replies
May 20, 2010
I would like to check if someone tries to access the application with the same username from a different browser/pc/etc. All usernames and passwords are stored in a MSSQL db.
What I am doing at the moment is: In the global.asax-file in Application_start(..) I initialize [Code]....
Now with every user that logs in I can check whether he is allready in ( in that case, he won't be able to log in, he'll be redirected to the login page ). Let's say it's the same user who wants to login but for some reason he wants to start the application from a different pc, maybe in a different building. Unless he hasn't forget to logout, he won't be able to login on this different computer. So he would has to go back and logout or wait for the timeout.
Now wouldn't it be more convenient to abandon the first session and let the same user login to the pc where he is right now?
The question is, is it possible to end the first session without beeing in it? Or is there any other solution for that problem? Since I have the SessionID stored in Application["UserList"] is there any possibility to end that specific session?
View 3 Replies
May 14, 2010
I'm using visual studio 2008 and sql server 2005 and everything is working just fine under normal use. However if a user is on a page for a while several minutes with no activity then clicks a button on occassion the site throws the following exception ...
Procedure or Function "sp_name" parameter '@SomeParameterName', which was not supplied
I'm also encountering this error in Visual Studio while debugging the application, in otherwords run the site from visual studio then make some change to the html in VS save the changes and refresh the page.
The error is not consistent nor is the time the page has to stay idle in order for it to occur....
The current sql command object timeout is 30 secs and the website timeout is 30 minutes.
View 1 Replies
Sep 14, 2010
I've converted an ASP.Net website over to an Azure version and I've got it up and running. However the vast majority of the time I experience timeouts when I'm trying to debug the application.This seems to happen on any page at any time. I start debugging from VS2010 and sometimes the home page will come up sometimes it hangs. When it does come up if I select an item from a drop down list sometimes it works somtimes it times out. I have breakpoints set and they don't even fire I just eventually get the time out.
If I hit refresh that sometimes seems to fix it but it eventually starts happening again. This is making the completion of the conversion VERY difficult and I'm starting to creep up to a deadline.Does anyone have any idea what might be happening? If there is a better location I can post this question to would someone be kind enough to point me in the right direction?Thanks in advance for any help and in addition my email is
mgorgone@pictureu.com as our Windows Live account email is diff.
View 1 Replies
Dec 20, 2010
On an administrative page with a long running process we're setting the following:
protected void Page_Load(object sender, EventArgs e)
{
this.Server.ScriptTimeout = 300;
//other code
}
Is this enough that should prevent that page from timing out as it does what it needs to? I have no control over the process and how long it runs but we've found that 5 minutes is more than enough time, yet we're still getting intermittent errors of:
System.Web.HttpException: Request timed out.
We've tried upping the value to 600 with really no difference and in any testing we've done we can never get the actual process to run for that long. Is there elsewhere that we need to be setting timeout values that won't affect the entire application and only the specific page we need the longer timeout value on?
View 1 Replies
Oct 14, 2010
I have code in an ASP.NET form that needs to, depending on user entry create messages in the database. We are speaking of potentially thousands of db entries. How do I protect against deadlocks, I mean apart from using Transactions and setting IsolationLevel to Serializable, as well as using WITH(NOLOCK) statement on my select statements since I don't mind a dirty read.
Event code: 3005 Event message: An unhandled exception has occurred. Event time: 10/13/2010 10:12:14 PM Event time (UTC): 10/14/2010 3:12:14 AM Event ID: a565c58a7f844692859aa21303447c7c Event sequence: 206 Event occurrence: 1 Event detail code: 0 Application information: Application domain: /LM/W3SVC/610100832/Root-12-129314933998593750 Trust level: Full Application Virtual Path: / Application Path: D:Websitesadmin.beta.sharedTime.com Machine name: SHAREDTIME Process information: Process ID: 3440 Process name: w3wp.exe Account name: NT AUTHORITYNETWORK SERVICE Exception information: Exception type: SqlException Exception message: Transaction (Process ID 56) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction. Request information: Request URL: http://beta.admin.sharedTime.com/admin_text_mass_send.aspx Request path: /admin_text_mass_send.aspx User host address: 69.211.10.138 User: Is authenticated: False Authentication Type: Thread account name: NT AUTHORITYNETWORK SERVICE Thread information: Thread ID: 10 Thread account name: NT AUTHORITYNETWORK SERVICE Is impersonating: False Stack trace: at mtNamespace.mt.createmessage_queue(String phone_number, String text_message, DateTime send_on, String system_name, Double user_no, Double send_priority, String message_type, Boolean returnqueue) in http://server/App_Code/mt.vb:line 1509 at ASP.admin_text_mass_send_aspx.save_user_values(Object sender, EventArgs e) in http://server/admin_text_mass_send.aspx:line 103 at System.Web.UI.WebControls.Button.OnClick(EventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) Custom event details:
View 1 Replies
May 1, 2010
I'm hoping this is a simple configuration setting that I have incorrectly defined. I have an application that has a secure (members) area. If a customer tries to browse directly to the secured page (http://www.mysite/members/memberpage.aspx) asp.net loads up my login.aspx page. When the user successfully authenticates from the login.aspx page in they are taken to the secured page they originally requested (so far so good!).The problem I have is that I run some SQL using the User.Identity.Name on the secured page as a reference to who the logged in user is. This way I can show some customer specific information. When I take the login route outlined above, the SQL doesn't seem to run (or the Session Variables aren't loaded yet?)... my page loads up with no customer information in it. If I browse to another page and then back the customer information shows up and all is well.
View 1 Replies
Apr 7, 2010
I have an asp.net page that will be doing some processing that may take a very long time to complete. I cannot just set the page timeout value since this is going to be in a hosted environment and the timeout values that I set in my web.config are overridden by the server host. What I'm doing is taking a file from a FileUpload control and doing some web requests to a 3rd party service for each line in the file, all of which may take a very long time to process a large file. I'm talking on the order of, say, 30 minutes, and there's just no way to optimize this any further to cut down on the processing time. Is it possible to even do such a lengthy page request in asp.net? Can someone give me a pointer in the right direction here to make this happen? Is my only hope to create an async page? It seems that doing an async page is the way to go if I have a potential for a lot of lengthy requests, but really this massive of a request is going to happen VERY rarely so this is not an issue of running out of thread pool since most of the time this particular request will be completed relatively quickly, but on occasion it may receive a very large file it will need to process and will take a very long time. So what is the best way to handle that case?I'd also like to update the client with the processing status as the processing is going on. I'm familiar with doing client ajax calls via jQuery to a page webmethod so if there is some clean way to update the client as this long processing
View 7 Replies
Jan 9, 2011
i want to upload picture throw FileUpload control and then store it in session, after store in session i want to read it out to image control and insert to database.
View 3 Replies
Nov 22, 2010
We have an UpdatePanel that is showing a gridview with loads of data in it. We have loads of well written sprocs that don't take very long, BUT we have a few horrible ones that take ages.
We do intend to rewrite them but in the interim we have put the ADO.NET commandtimeout up to 180s. The scriptManager.AsyncPostBackTimeout is set to 240s. We want to handle this on the serverside. One of the reports still fails (it's got a couple of nested cursors in it - someone who hasn't had SQL lesson 101 from me!).
Half the time, the nice error timeout message is shown using server side handling of the command timeout. The problem is that the other half of the time the commandtimeout doesn't seem to fire.
View 1 Replies
May 14, 2010
I had been using the "regular" System.Data syntax to create connections on web forms, like:
dim conn As New SqlConnection(ConfigurationManager.ConnectionStrings("myconnStr").ConnectionString)
dim myCommand as SqlCommand
myCommand = new SqlCommand("my sql statement", conn)
myCommand.Connection.Open()
myCommand.ExecuteNonQuery()
myCommand.Connection.Close()
I say "regular" because most examples I've seen use this syntax, but more recently I've started using:
Using conn As New SqlConnection(ConfigurationManager.ConnectionStrings("myconnStr").ConnectionString)
dim myCommand as SqlCommand
myCommand = new SqlCommand("my sql statement", conn)
myCommand.Connection.Open()
myCommand.ExecuteNonQuery()
myCommand.Connection.Close()
End Using
...because recently I've seen some examples using this syntax.Even more recently, I've discovered that I'm getting some connection timeouts on a busy website I created a couple years ago. After googling the error, I found a few threads stating that the second example above will provide immediate automatic cleanup of connections, and in looking over the website, I'm using the first syntax exclusively.
My question is, am I creating the problem by not fully tearing down the connections in my code above (merely closing them, but not actually destroying them)? Do I need to do something like "set conn = nothing" like I used to do in VBScript?
And if so, will using the second syntax take care of this problem?
View 3 Replies
Mar 9, 2011
I wanna write a method to get or set session timeout at run time.
View 1 Replies
Mar 15, 2010
I'm using the ASP.NET login control.
How can I set the session timeout?
View 2 Replies
Feb 4, 2011
I have an MVC web app and want to setup the security in a fashion that is NOT persisted. The problem is that if a user logs in and closes the browser (all instances) and open a new browser, goes to the site heshe is logged in automatically. I want the "session" to expire if you close the browser but I cannot seem to get the answer.
I have authentication mode="Forms" in the web.config and all my usernamepasswords are kept in a custom SQL DB. I can see that on login, Asp.net drop a cookie called ".ASPXAUTH" that expires in 30 minutes. I changed it to expire "At end of session" but if I close the tab I can see that that cookie is still active.
What do I need to do to get the browser to force a login if the user closes the tab or browser?
View 4 Replies
Mar 16, 2010
I got this login system where I need to set a session for when a user log's on, eacth user have 2 id's, and I need to get one of them to get the right content from my DB... So how do I get my users id's from my session's?
View 4 Replies
May 5, 2010
I am doing web based projects in dotnet. Currently I am implementing security using session variables. I keep current user id and user type in session and authenticate user from these session variables (say Session["UserId"],Session["UserName"] and Session["UserType"]).
I've heard that such security can be broken and applications can be hacked very easily, like it is possible to get session id and directly connect to that session id etc.
View 1 Replies
