Re: Gracefully Handling Logged Out User

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: John Saunders (johnwsaundersiii_at_notcoldmail.com)
Date: 06/22/04

Next message: Jason MacKenzie: "Re: OK the most asked question again.... What is a good PDF writter component?"
Previous message: TJS: "Re: Need Code Sample for ASP and and browsing files and folders on the Server"
In reply to: - Steve -: "Gracefully Handling Logged Out User"
Next in thread: - Steve -: "Re: Gracefully Handling Logged Out User"
Reply: - Steve -: "Re: Gracefully Handling Logged Out User"
Messages sorted by: [ date ] [ thread ]

Date: Tue, 22 Jun 2004 15:37:28 -0400

"- Steve -" <sevans@foundation.sdsu.edu> wrote in message
news:%23DGtK6HWEHA.3236@tk2msftngp13.phx.gbl...
> I'm using Forms Based Authentication.
>
> I've written my code so that when a user does something but has timed out,
> it gracefully logs them out and asks them to log back on.
>
> I do this with . .
>
> Session.Abandon()
> Response.Redirect("logon.aspx")

Session has nothing to do with Forms Authentication.

If the login has timed out, and if they user attempts to access a page which
requires that they be authenticated, then Forms Authentication will
automatically redirect them to the login page. When it does, the URL they
requested will be in the ReturnUrl query parameter. This way, when
RedirectFromLoginPage is called, they'll go right back to the page they had
requested, and Session state will still be intact.

The one issue you'll see is that, if the request which required
authentication was a postback, then the form variables will not be available
when the redirect to the requested page occurs, so they will lose their
changes. It will be as though they had hit the browser Refresh button. If
you don't abandon the Session, they will at least be able to get back to
where they were on the last successful postback.

-- 
John Saunders
johnwsaundersiii at hotmail

Next message: Jason MacKenzie: "Re: OK the most asked question again.... What is a good PDF writter component?"
Previous message: TJS: "Re: Need Code Sample for ASP and and browsing files and folders on the Server"
In reply to: - Steve -: "Gracefully Handling Logged Out User"
Next in thread: - Steve -: "Re: Gracefully Handling Logged Out User"
Reply: - Steve -: "Re: Gracefully Handling Logged Out User"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: HTTP - basic authentication example.
... or *never* knowing the realm..) ... This is called authentication and is implemented ... requests a web page it sends a request to the server. ... consists of headers with certain information about the request. ...
(comp.lang.python)
Re: Each HTTP object being requested twice (401 then 200 responses)
... Authentication" and the web.config authentication setting is ... Authorized because the request was made anonymously. ... requests the same object a second time it uses kerberos; ... Kerberos tokens should not be regenerated for every request. ...
(microsoft.public.inetserver.iis.security)
Re: Each HTTP object being requested twice (401 then 200 responses)
... Authentication" and the web.config authentication setting is ... Authorized because the request was made anonymously. ... requests the same object a second time it uses kerberos; ... Kerberos tokens should not be regenerated for every request. ...
(microsoft.public.inetserver.iis.security)
Re: HTTP_AUTHORIZATION header
... HTML file from one virtual directory, and then immediately execute a CGI from ... Authentication happens when I request the HTML ... header is not expected for every request for NTLM ...
(microsoft.public.inetserver.iis.security)
Re: HTTP_AUTHORIZATION header
... I use WFetch to make a Basic authenticated POST request against my CGI EXE ... Nitpick on your stated understanding of authentication protocols - ... header is not expected for every request for NTLM ...
(microsoft.public.inetserver.iis.security)