Re: FormsAuthentication doesn't redirect properly after timeout

From: Craig Deelsnyder (cdeelsny_at_NO_SPAM_4_MEyahoo.com)
Date: 06/17/04


Date: Thu, 17 Jun 2004 10:19:39 -0500

Danny wrote:

> Hi there,
>
> I was wondering if anyone would be able to shed some light on the
> following behaviour for me.
>
> I have an application that is using Forms Authentication with
> non-persistent cookies, a forms timeout of 10 minutes, and a
> FormsAuthenticationTicket Expiration of 10 minutes. Almost everything is
> working as expected... when users try to enter restricted parts of the
> site they are redirected to the login.aspx page that I have specified in
> order to authenticate themselves. Once authenticated they are returned
> successfully to the originally requested page.
>
> (aside: I am able to do this using a call to
> Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserName.Text,
> false)); or FormsAuthentication.RedirectFromLoginPage(txtUserName.Text,
> false); - either method works.)
>
> If the timeout expires and the user then wishes to access some
> restricted content again, they are booted back to the login page
> (obviously, this is supposed to happen). The part that doesn't work as
> expected is as follows:
>
> After this timeout, once the user then successfully
> authenticates themself again, they do not get redirected to the page they
> were trying for; instead they are redirected to default.aspx at the root
> of the application.
>
> I noticed that there is no ReturnUrl parameter present in the query
> string when redirected to the login page following an authentication
> timeout.
>
> Hope to hear from someone.
>
> Regards,
>
> Danny

Are they (the users) sometimes doing a postback after the timeout,
instead of doing a GET for a page; is that the scenario that breaks?
Could be that .NET doesn't populate ReturnUrl if it's a POST that is
being done 'illegally', as it can't really 'put you back where you were'
after logging back in. Now if you were clicking on a simple link (a
GET), it knows it can put you back in that exact spot.

Just a guess...

-- 
Craig Deelsnyder
Microsoft MVP - ASP/ASP.NET

