Re: infinite session timeout
From: William F. Robertson, Jr. (theman_at_fdrsucks.com)
Date: 12/06/04
- Next message: Aidan Marcuss: "Re: infinite session timeout"
- Previous message: Markus McGee: "RE: Migrating ASP.NET projects between VS.NET 2002 and VS.NET 2003"
- In reply to: Joe Abou Jaoude: "infinite session timeout"
- Next in thread: Aidan Marcuss: "Re: infinite session timeout"
- Reply: Aidan Marcuss: "Re: infinite session timeout"
- Reply: Aidan Marcuss: "Re: infinite session timeout"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 6 Dec 2004 09:39:55 -0600
No, the server does not not about a user that has closed their browser and
will remain in memory. Worse yet, if you have a user that logs in then
closes their browser, then logs in again, you know will have two sessions on
your machine. You can see how this can quickly fill up your machine's RAM.
You should keep the timeout. You seem to want to have the user not log on
every time they come to your site. I am assuming you are using forms
authentication?
With forms authentication you have a login page defined. On the page_load
for the login page, you should just check for the cookie, validate the user,
set up their information(?), then redirect them to the page they were trying
to hit. Basically you have the btnLogin_Click code, also in the page_load
that processes the cookie.
It will be somewhat transparent for your users when their session does
timeout.
Would this solution work for you?
bill
"Joe Abou Jaoude" <anonymous@devdex.com> wrote in message
news:%23v%23Hpb52EHA.2016@TK2MSFTNGP15.phx.gbl...
>
>
>
>
> hi,
>
> I have a web app with forms authentication and a timeout session of 20
> mins for security reasons. I recently added a feature that allows users
> (if they want to) to automatically log in (without entering username and
> password) using the cookies. Now in this case the 20 mins session
> timeout has no meaning anymore so I m thinking to make the timeout
> infinite in this case only.
>
> my question is, if i do this, and then a user used the application and
> closed the browser , does the server knows that this session is no
> longer needed and removes it from memory even if the timeout is infinite
> ?
>
>
>
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it!
- Next message: Aidan Marcuss: "Re: infinite session timeout"
- Previous message: Markus McGee: "RE: Migrating ASP.NET projects between VS.NET 2002 and VS.NET 2003"
- In reply to: Joe Abou Jaoude: "infinite session timeout"
- Next in thread: Aidan Marcuss: "Re: infinite session timeout"
- Reply: Aidan Marcuss: "Re: infinite session timeout"
- Reply: Aidan Marcuss: "Re: infinite session timeout"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
