Re: Gracefully Handling Logged Out User

From: - Steve - (sevans_at_foundation.sdsu.edu)
Date: 06/23/04 

Date: Tue, 22 Jun 2004 22:06:26 -0700

You're right. What I've really been doing to myself is losing my state when
I update the bin directory. I guess that is pretty significantly different
than timing out. 

-- 
Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"John Saunders" <johnwsaundersiii@notcoldmail.com> wrote in message
news:uRaCcBJWEHA.2408@tk2msftngp13.phx.gbl...
> "- Steve -" <sevans@foundation.sdsu.edu> wrote in message
> news:%23DGtK6HWEHA.3236@tk2msftngp13.phx.gbl...
> > I'm using Forms Based Authentication.
> >
> > I've written my code so that when a user does something but has timed
out,
> > it gracefully logs them out and asks them to log back on.
> >
> > I do this with . .
> >
> > Session.Abandon()
> > Response.Redirect("logon.aspx")
>
> Session has nothing to do with Forms Authentication.
>
> If the login has timed out, and if they user attempts to access a page
which
> requires that they be authenticated, then Forms Authentication will
> automatically redirect them to the login page. When it does, the URL they
> requested will be in the ReturnUrl query parameter. This way, when
> RedirectFromLoginPage is called, they'll go right back to the page they
had
> requested, and Session state will still be intact.
>
> The one issue you'll see is that, if the request which required
> authentication was a postback, then the form variables will not be
available
> when the redirect to the requested page occurs, so they will lose their
> changes. It will be as though they had hit the browser Refresh button. If
> you don't abandon the Session, they will at least be able to get back to
> where they were on the last successful postback.
> -- 
> John Saunders
> johnwsaundersiii at hotmail
>
>