I have implemented the basic forms authentication.In web.config I have set the following, in the authentication tagtimeout = "50000000000" Other than that, I have an out-of the box implementation.I have no custom provider.My clients want to pretty much enter the username once a day.The timeout is in minutes, so I am sure that they are not waiting over 5 million minutes,so something else has to be booting them.
View 7 Replies
I want to redirect the user after 2 mins if there is inactivity for 2 mins. I am not using ASP.NEt membership. And I dont want to use Sessiontimeout for this. Session timeout will logout the user even if he is working on the system. My objective is like screensaver process.
If there is no action for the specified time, the screensaver runs. Similarly, I want to redirect the user to login page.
note that i have already handled it with the following javascript:
[Code]....
Here what my problem is,
the user is working on the site...ok.. he want to see someother site.he browse someother site and works on....or even he can do some other work in his system...but he is active in his system... What this script does is, it automatically logout the user and redirect him to login page. But it should not do while he is active...IT SHOULD REDIRECT IF HE IS NOT ACTIVE REALLY (Similar to Screensaver process)
Is it possible ?
In my webconfig i put
<system.web>
<sessionState timeout="60"/> doesn't work for me
Also i changed in IIS configration Manager as well from 20 minutes to 60 minutes, but still it expire after 20 minutes of no actiuvity.
I have a site that is using Forms Auth. The client does not want the site session to expire at all for users. In the login page codebehind, the following code is used:
// user passed validation
FormsAuthentication.Initialize();
// grab the user's roles out of the database
String strRole = AssignRoles(UserName.Text);
// creates forms auth ticket with expiration date of 100 years from now and make it persistent
FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1,
UserName.Text, DateTime.Now,
DateTime.Now.AddYears(100), true, strRole,
FormsAuthentication.FormsCookiePath);
// create a cookie and throw the ticket in there, set expiration date to 100 years from now
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(fat)) { Expires = DateTime.Now.AddYears(100) };
// add the cookie to the response queue
Response.Cookies.Add(cookie);
Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text, false));
The web.config file auth section looks like this:
<authentication mode="Forms">
<forms name="APLOnlineCompliance" loginUrl="~/Login.aspx" defaultUrl="~/Course/CourseViewer.aspx" />
</authentication>
When I log into the site I do see the cookie correctly being sent to the browser and passed back up: However, when I walk away for 20 minutes or so, come back and try to do anything on the site, the login window reappears. This solution was working for a while on our servers - now it's back. The problem doesn't occur on my local dev box running Cassini in VS2008.
I'm facing a great problem in session. My session expires after every 4-5 minutes. Firstly I checked my web hosting settings. I increased session timeout to 50000. In my web.config I wrote :
[Code]....
Also Locally it expires withing 5 minutes. Secondly can I also increase idle timeout.
sessionTimeout = sessionTimeout - 10;
I Set session timeout I wnt to show the remaining session timeout on the page and show in the format seconds i.e. 7.45min remaining
I get about 5 minutes of inactivity before a logon box appears for a site I manage. Once logged in, our users must be able to stay logged on all day with no annoying logon popups. This started happening after a change i made to IIS6. We formerly had digest authentication and windows integrated authentication checked and everything worked fine but our users complained because they had to put creds in as <domainuserid>. We want to get rid of the domain requirement. To do this i unchecked windows integrated authentication and added the domain to the "Realm" text box. I can log in now without the domain, and everything works as before but I only get a few minutes before I have to relogon. I tried increasing the connection timout to 36000 and have keep alives checked on the web site property page. I also tried setting the web servers registry setting: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesInetInfoParametersDigestContextCacheTTL to 36000 (ten hours). these changes had no effect that I can see.Our setup:we use SSL and have a test certificate that is expired We are hitting the site on our intranet with IE7 or IE8. The production version of this site is on the internet though.IIS6 on a 2003 serverkeep alives is checkedanonymous authentication is uncheckeddigest authentication is checkedwindows integrated authentication is uncheckedIISRESET was run after each change.
View 7 RepliesThis is my web.config settings:
[Code]....
AND this:
[Code]....
neither keep me in for more than 30 minutes.
for some reason the Ticket is set correctly for 90 days. But the cookie is always January 01, 0001. Below is the output of the Authentication Dates.
Ticket Issue Date: Wednesday, January 05, 2011 4:35:42 PM
Ticket Expiry Date: Tuesday, April 05, 2011 4:35:42 PM
Cookie Name: .ASPXFORMSAUTH
Cookie Expiry Date: Monday, January 01, 0001 12:00:00 AM
I have a web application that uses forms authentication, memberships and roles. I'm finding it difficult to test but it looks as though the application is forcing my users to log in again after about 20 minutes of inactivity. However, the nature of my application requires users to stay logged in for longer than this even if they aren't using the application constantly.
I've already set the following line in my web.config file so that doesn't seem to be making a difference:
[Code]....
Is there something else that I need to set to prevent my users from being redirected to the login page too early on? I'd like them to be inactive for about an hour before forceably logging them off. I don't want them to lose their work if they don't use the system for 20 minutes.
We have the timeout value set to 120 in our <form> tag within the web.config. We do not have a session timeout set.. and we have various connection strings.
We are having a problem where a session variable will disappear (become NULL) .. but, the form evidently remains 'open'.. or no re-login is required..... so, my question(s):
1. what is the relationship between form timeout and session timeout
2. how do I set session timeout
I'm using the ASP.NET login control.
How can I set the session timeout?
We have an ASP.NET 2.0 site in which we use ASP.NET login / authentication controls.
Our users currently timeout after approx 20 minutes, forcing them to log back in, and this appears to be causing downstream errors in our application.
I have tried increasing the SessionTimeout value to 120 mins (<sessionState timeout="120" />) in the site's web.config file, and the "<membership userIsOnlineTimeWindow="5000" >" value in the web.config is set to 5000 minutes.
These are the only values / settings I can think of to affect this behaviour.
have a website which as far as I know has the following timeout settings:1) In Web.config, FORM's authentication timeout="10"2) In Web.config, MEMBERSHIP's userIsOnlineTimeWindow="10"3) Assigned in Global.asax on Session_Start(): Session.Timeout =10;In the past I had problems because at least 1) and 3) weren't in sync, not sure about 2).
Do these 3 have to be in sync and if so, is there a way to set the timeout once and to have it applied to all 3? I deploy my website to many clients and each may want a different timeout, so I'm looking for a dynamic method to set this, perhaps after loading the timeout period from the db or settings file.
We currently have a set of ASP.NET application and we are migrating them to use Windows Authentication (used to be form Authentication). We will eventually let the user to connect to our site entering Windows Authentication credentials. When we tested within our system across different domains, we noticed that the authentication session seemed to be cached even with the server session had timed out. In other words, once the user logged in and keeped an Internet Explorer window up (didn't even have to be in ourapplication page), the user could always navigate back to our application without being prompted for security login again. We had our site included in the Trusted Site list of the IE browser.Is that the expected behavior for ASP.NET Windows Authentication? If that is the case, is there a way to end the Authentication cache when the users leave their IE windows idle.
View 7 RepliesI have a question regarding Form Authentication Session Timeout
I have a form authentication and i have set the session timeout in my webconfig.
After I login to website using my form authentication, the session is not timing out even after i login more than 30 minutes.
It seems i'm still authenticated and can access everything.
Is it normal ? I thought if we set the timeout in webconfig it will automatically log you out because the session expire.
<authentication mode="Forms">
<forms name=".authentication" loginUrl="Login.aspx" defaultUrl="Default.aspx" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" enableCrossAppRedirects="true" domain="" />
</authentication>
So I took over a companies site and are QA department noticed that after the site sets idle(30 minutes) they can still click around until it preforms a database function that is when it errors out. I thought I had the web.config set properly that the user would be logged out after 30 minutes, but they are still able to make clicks on a gridview and popup modal popups. The site uses membership and I have never had an issue in the past with the timeout on forms auth.
[Code]....
My 3.5 app uses Forms Authentication. I create an authentication cookie (ticket) with an expiration date of one day. The cookie's IsPersistent is set to True. I do not use any session variables. Session timeout is the default 20 minutes.
Here's the problem:
When the session times out in 20 minutes, the user is redirected to the logon page even though the authentication cookie has not expired.
Why does this happen? I thought the session and the cookie were independent of each other.
how to redirect to a custom URL on Forms Authentication timeout? The timeout is working but it is only caught when I try to go to a page in my application because each Page_Load method is wrapped in a custom IsLoggedIn method. Here is the settings I have so far in the Web.config.
[Code]....
My client wants 2 separate login pages for an ASP.Net app, one for regular users, one for support staff. I am using the standard FormAuthentication component for authentication. Is it possible to redirect a regular user to one login page after a timeout, and also to redirect an admin user to a different page after a timeout? The loginUrl attribute of <forms> in web.config is read-only, and cannot be edited at runtime.
Regular User -> Timeout -> Login.aspx
Support User ->Timeout -> SupportLogin.aspx
I need to configured my web application to display a warning message to the user 5 minutes before the authentication session expires. I found a javascript code that acts as a counter, however I still could not figured out how to make the page to refresh when the user clicks the Ok.
this is the javascript code...
<script
type="text/javascript">
var leftime =5;
var interval;
interval = setInterval( 'change()' , 600000);
function change()
{ lefttime --;
if(lefttime<=2) alert("the session will be off, left time is "+lefttime+ " second!")
}
</script>
how to write session timeout in web.config and after session time out i want to redirect to login page .
View 5 RepliesI have 3 seperate applications (under the same domain) for which I use Forms authentication with single sign-on.
The 3 applications have different session timeout periods. I was on various articles that when we use forms authentication and specify the loginurl in the <Forms> tag in the web.config, it should automatically get redirected to the login page, when the session timesout. But in my case, it doesn't happen, I think because of different timeout values.
here's what I have:
My asp.net 3.5 app uses Forms Authentication.
I create an authentication cookie (ticket) with an expiration date of one day.The cookie'sIsPersistent is set to true.
I do not use any session variables.
Session timeout is the default 20 minutes.
Here's the problem:
When the session times out in 20 minutes, the user is redirected to the logon page even though the authentication cookie has not expired.
Why does this happen? I thought the cookie and the session worked independently. Shouldn't the user remain logged in as long as the cookie hasn't expired?
I have a testproject and the forms timeout specified in web.config overrules the timeout which I set in FormsAuthenticationTicket. According the documentation, the timeout (expire date) in FormsAuthenticationTicket must override the timeout in web.config.
Documentation found on:
[URL]
[Code]....
Here is my code:
Web.config:
[Code]....
Login.aspc.cs:
[Code]....
Now, when I login, i get redirected after 1 minute of inactivity. This isn't supposed to happen, right? I have to be redirected after 2 minutes.
i would like to redirect user to login page after defining session timeout
how to redirect the user to my login.aspx and how to set session time out within web.config
