ASP.NET Forms Authentication Timeout and Session Timeout

0
votes

I am using forms authentication in asp.net. I have set timeout to 1 minute. As soon I login, if authenticated I will be redirected to Home Page (HomePage.aspx). This is working fine. If I stay away from the website and comes back after 1 minute, and try to access any other page, I will redirected to Login page as expected. My question is, if I come back and do some post back or refresh, then only I am redirected to login page otherwise I will be staying on same page. What should I do in order to login page to appear on screen if I come back after 1 minute.

<authentication mode="Forms">
<forms  loginUrl="~/LoginPage.aspx"  timeout="1"/>
</authentication>

<sessionState timeout="1"></sessionState>
2
asp.netforms-authentication
Hi, Thank you for answers. Below post also helped.stackoverflow.com/questions/15991652/asp-net-automatic-logoutuser2965957

2 Answers

0
votes

Check your Session_End in Global.asax then try to put some code to redirect to your login page.

0
votes

You can follow asp-net-push-redirect-on-session-timeout. This SO post shows the way to redirect using <meta> in page header section. I have not tested it but I doubt setting the <meta>, it may always redirect after session timeout even for non-logged in pages particularly in case it is implemented in MasterPages.

If you do not want to use headers or you want custom JavaScript based solution you can do it this way:

<script type="text/javascript">
    // get session timeout value
    var sessionTimeout = '<%= Session.Timeout %>';
    // convert from minutes to ms
    var sTimeout = parseInt(sessionTimeout) * 60 * 1000;
    setTimeout('SessionWarning()', sTimeout);

    function SessionWarning() {
        // use a session variables (User_ID) that confirms we have a logged in user
        var userid = '<%= Session("User_ID") %>';

        // ignore for pages that can be viewed without login. In that case User_ID will not be set
        // also on session end User_ID needs to be set to zero/null/blank
        if (userid == '') {

        } else {
            if (parseInt(userid) > 0) {
                // if the user is logged in redirect to login page on session timeout
                window.location.href= '/LoginPage.aspx';
            }
        }
    }
</script>

You can place this script on the page for which you want auto redirect or on a MasterPage for using on all pages.