State Management :: IIS Keeps Users Logged In Forever
Apr 22, 2010
I have created a simple website in asp.net using forms authendications but when I publish my website in IIS 6 on a Windows Server 2003 machine it keeps the users logged in for ever even though I have set the web.config to expire after 30 min. My website has 2 pages a login.aspx and a home.html. When I run the website in my development machine using the ASP.NET Development Server I have no problem the website works as expected meaning the users can not access the home.html unless the have been authendicated by the login.aspx page.
Also once loged in, after clearing the browser cookies the web site asks for login again which is again the behavior that I am trying to accomplish. However once the website is on IIS does not take in account the authendication that I have set up on my web.config. What is overriding my web.config? Do I need to make some changes to the global configuration of IIS?
We've got a fairly large, complex web application that uses Forms Authentication to authenticate users. Throughout the application we store and retrieve information about users in the Session object, and in some cases in cookies. In a couple places we check for the existence of the context, and if it's null we send the user back to the login page to re-establish the session. Just a quick run-down of this web app: C#, .NET 3.5, IIS 6, ASP.NET State Service to manage sessionAs for the session timer, we use our own home-grown timer, which is basically a client-side timer, which is backed up by a check to the SQL database to see when their last activity was. This seems to work well for us. It's not perfect, but it allows us to notify the user before the session times out, and allows us to be certain we're not logging a user out before their 60 minutes of inactivity is up.What's happening is that certain users are being logged out after just a few minutes. We've eliminated the timer as a cause and believe what's happening is the HttpContext.Current is null, so the user is logged out. We do not know why the HttpContext.Current is null, and I understand there are many reasons that may occur. What I'm trying to figure out is, is there any way to re-establish the context once it is null? If not, is there anything I can do at this point other than have the user login again? We're also trying to figure out a better way of managing user information (preferences, roles, flags, history, etc), but everything needs context to use, right? Cookies, sessions, cache, etc. all require a response or request, correct? hope this makes sense, because I really need help with this. I've searched the forums here, and found many posts about HttpContext.Current going null, but not a lot of solutions for this...
Many web applications use sessions to check the logged in status of the users. Is there a better approach to check the logged in status instead of using session state?
I'm looking at a pure ReSTful approach where is no session state at all. This may make more sense in an mvc application rather than an asp.net application.
I have a requirment , my site is using Formauthentication cookie to validate the users , so once the same user is logged in to another browser again ( same Machine or different) then I need to log off the first site and need to allow the second one active.I am thinking to implement this by storing a uniqueID in the DataBase user table .Once the user Logs in then I will store this ID in to the database and for each request I will check whether the ID is same or not, once the user logs again in to another browser then the Unique ID will get generated again and store (update the previous one) to the user table so that the request from the fisrt instance browser will fail to validate and kick out to login Page.this procedure will reduce the performance since all the time it need to intract with DB, so is there any other possible way to Implement this scenario with out using BD - but using formauthentication cookie.
I am working on a asp.net 3.5 app. In the Global.asax in the Application_Error method, I am logging everthing to ddatabase (log4Net).
I have a session limit of 20 minutes. What happens when the user hits that limit and then clicks on the Submit Button of the app. ?Will that generate any exception? and will that exception be logged into my database as I am logging all exceptions in my Application_Error method.
want to know, if the developer is logging out of the website , when .Net Custom Error pages are displayed. If the browser's back button is pressed, previously logged-in page is displayed again. Is there any session going on. How to remove all relevant cookies on logout.How to resolve this
I want know, If an error has occurred and website is redirected to the Custom Error Page and is also logged out. If back button of the Mozilla browser is pressed, previous logged in page is displayed. I have also used 1. Response.Cache.SetCacheability(HttpCacheability.NoCache); 2. Response.Cache.SetExpires(DateTime.Now);
in Page_init on Custom error page. Also set the values of .ASPXAUTH and other cookies to 1 but again page is not going to the Login Page. These cookies could also not be removed.
i'v an enquiry form, user is operator as Role users fill enquiry form (enquiry.aspx) and view enquiry list done by thmselvs in viewEnquiry.aspx page in GridView im testing using different users accssing this application same time The Problem:
user1 has done 10 enquiries, and in viewEnquiry.aspx able to see is 8 enquiries the 2 remaining enquiries is reflecting in user2's profile or (in viewEnquiry.aspx page as logged in user2) what i'v done: i'v used "public static string UserName;" in Global class file clGlobal.cs in App_Code when user done login successful i stored UserName = dr.GetValue(2).toString(); and clGlobal.UserName = "" on Logout and on master page Load of User im checking (if clGlobal.UserName == "") then redirct to Login.aspx
I are building a web application which will be deployed to Windows Azure. I want user to set session timeout value which will be stored in Database. Currently I am aware of Web.Config method to set session timeout. i.e.
We have a problem when 2 users from different machines click on button to open the same modal window at the same time from the same page, they see the same data, which are not suppose to be.
i do my checks and see that they are getting the same page instance , i see that the page.GetHashCode and the page.SessionID is same for both users.
I have a default 30 min session timeout for normal users. Now i want to set 1 hour time out for admin users. Can someone guide me how to acomplish this.
I totally have no idea on how to do this. How can I get the time everytime the user use my system. We are using AD account here so we don't have login and log out. All I want is as long as the user browse to my system whether he is working or it or not become away or any, I will record its time and save it in my database then accumulate all the time he spent in my system for admin reporting.
I have to maintain session of two users on a sigle page.And the path is. UserPath:
1.User logins with his credentials((We retrive their credentials from login table) . 2.He invites some of his friends for a birthday party. 3.And send an url link to share some of the gifts with them in which gifts are provided in Share.aspx page. 4.Userlogouts.
Invites path:
1.Invite logs in with his credentials(We retrive their credentials from invites table). 2.He is directed to go to Share.aspx and list the items he require. 3.And he logs out.
Now i have problem in maintaining session for both the user and invite. How can i maintain the session so,that the user can identify a particular invite from the list of invites an his chosen items.
I have a website that has 10 aspx pages in it, and I'm trying to count how many users are on any one page at a time, and display that number on the web page. I have set it up to use an Application object ("TotalViewers"), and initialize it to 0 in the Application_Start event handler of the global.asax file. My reasoning (probably way off base) is to increment the count on each page load, and then decrement the count on each page unload. The increment part works ok, but when I add the code in the page unload event handler to decrement, it seems that Unload happens before the Page is presented to the client, so the value always stays the same (adds one in page load, subtracts one in page unload).
How else can I track number of users on each page? (simply, becuase I am still a beginner). I have already done some google searching and haven't come up with anything useful.
All my pages are being navigated via a TreeView control.
I am saving for each user a session with information about his current page viewing.
Each time the user is moving to a new page, I am updating the session with the new page he is right now.
Now, my question is if I can make any loop over all of my users session and answer a question like: How many users are now on page "2.aspx" for example?
There are a couple of user's experiences session variable loss after they've clicked a confirm button and their information is email via a relay hosting server. Below, I commented exactly where the session variables get lost.
What could be causing the session variable loss? So far, this only happens to a few users.
I have some webforms and the main page grabs the users email address when they login and a UserID. It's not uncommon for the user to keep the web page open all day. Is it good practice to store the email address and ID as a session variable and up the timeout to say 10 hours? Or is there a better way? My concern is A) Session variables timing out before the user login timesout B) Doing this incorrectly.
