FormsAuthentication doesn't redirect properly after timeout

From: Danny (spamdump_at_blabla.com)
Date: 06/17/04 

Date: Wed, 16 Jun 2004 19:26:16 -0700

Hi there,

I was wondering if anyone would be able to shed some light on the
following behaviour for me.

I have an application that is using Forms Authentication with
non-persistent cookies, a forms timeout of 10 minutes, and a
FormsAuthenticationTicket Expiration of 10 minutes. Almost everything is
working as expected... when users try to enter restricted parts of the
site they are redirected to the login.aspx page that I have specified in
order to authenticate themselves. Once authenticated they are returned
successfully to the originally requested page.

(aside: I am able to do this using a call to
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserName.Text,
false)); or FormsAuthentication.RedirectFromLoginPage(txtUserName.Text,
false); - either method works.)

If the timeout expires and the user then wishes to access some
restricted content again, they are booted back to the login page
(obviously, this is supposed to happen). The part that doesn't work as
expected is as follows:

After this timeout, once the user then successfully
authenticates themself again they do not get redirected to the page they
were trying for, instead they are redirected to default.aspx at the root
of the application.

I noticed that there is no ReturnUrl parameter present in the query
string when redirected to the login page following an authentication
timeout.

Hope to hear from someone.

Regards,

Danny

*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!

Relevant Pages

  • Re: Securing static files
    ... It's not the session - it's the authentication timeout - you can set the timeout in the element in web.config. ... they are kicked back to the login page. ... The user may log in with other credentials. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Forms Authentication - Timeout und Persistent Cookie
    ... Ich verwende die Forms Authentication was auch alles wunderbar funzt. ... biete dem Benutzer an, das Login speichern zu können, damit er sich nicht ... habe ich im web.config das Timeout auf ... Wenn der User das Login speichert, und länger als 60 Minuten keine ...
    (microsoft.public.de.german.entwickler.dotnet.asp)
  • Trying to create a secure app that never times out - very confused
    ... forms authentication, and I am trying to have it so that once a user ... The login is handled by the asp.net login control, ... If I look at the cookie expiry it ... Interestingly, if I set the timeout to be short, lets say 1 minute ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: FormsAuthentication doesnt redirect properly after timeout
    ... Danny wrote: ... > If the timeout expires and the user then wishes to access some ... > string when redirected to the login page following an authentication ... Could be that .NET doesn't populate ReturnUrl if it's a POST that is ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: sign in automatically failing
    ... Within the forms element for authentication, an attribute (timeout) can be ... When login into the site the user can ... the automatic login teh next time is failing. ...
    (microsoft.public.sharepoint.windowsservices)
Loading