FormsAuthentication and Session timeout problem.

    ESTAN wrote (#1):

    Hi, I kind figure out the problem why the FormsAuthentication cookie can't be set, because just after the authentication it brings me back to the same page with the message that my session has been expired. Let's see my webconfig.

    <system.web>
      <authentication mode="Forms">
        <forms path="BackOffice" loginurl="BackOffice/Default.aspx?state=Timeout" protection="All" timeout="1">
        </forms>
      </authentication>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>

    The state=Timeout is caught to show an alert saying that the session has been timed out. The code that I use just after a successful authentication:

    'FormsAuthentication.SetAuthCookie(tbxEmail.Text.Trim, False)
    FormsAuthentication.RedirectFromLoginPage(tbxEmail.Text.Trim, True)
    Response.Redirect("Home.aspx")

    After a successful authentication I don't get directed to the Home.aspx page. When I set the following in the webconfig:

    <forms path="BackOffice" loginUrl="BackOffice/Default.aspx?state=Timeout" protection="All" timeout="1" cookieless="UseUri">

    but then my string changes to something like:

    http://localhost:4190/TEST/(F(DkeaiAh5OWpUmiVajjisadVvodQMLp1lpg4yu8pQK\_PlxqApl5udnh7iAx1Yi8KhNbLIx6pQkytYVuhnwCj7GmfkbmpD-2IxXSxyilQM5HDrQ9-byppwLdbd\_uBxEeSNdo5UNcPd9nxQxW0ZU3o3Sw2))/BackOffice/Home.aspx

    What am I doing wrong? How can I use normal cookies so I don't need to have the UseUri flag? Thanks

      Mark J Miller wrote (#2):

      ESTAN wrote:

      FormsAuthentication.RedirectFromLoginPage(tbxEmail.Text.Trim, True)
      Response.Redirect("Home.aspx")

      Your call to Response.Redirect doesn't get called because you're calling RedirectFromLoginPage before it. Do something like this:

      <forms .... other attributes .... defaultUrl="~/BackOffice/Home.aspx" cookieless="UseCookies" />

      And your code can just be:

      FormsAuthentication.RedirectFromLoginPage(....)

      You don't need to do anything special to use cookies. Calling RedirectFromLoginPage will set the user's cookie and the FormsAuthentication module will take care of managing the session ticket in the cookie. And if your session is still timing out, set your timeout to something more than 1 minute. 30 minutes is the default. 1 minute will never work in a real application; it would only be valid for testing what happens when the session times out.

      Here's the documentation for the <forms> element: http://msdn2.microsoft.com/en-us/library/1d3t3c61.aspx

      Mark's blog: developMENTALmadness.blogspot.com

        ESTAN wrote (#3):

        Well, I tried it. I've set the timeout to 55 minutes, added the defaultUrl and the cookieless attribute. I changed all my code to that single line:

        FormsAuthentication.RedirectFromLoginPage(email, false)

        Well, I can't seem to get it to work; it immediately calls the login page again:

        http://localhost:4190/TEST/BackOffice/Default.aspx?state=Timeout&ReturnUrl=%2FTEST%2FBackOffice%2FHome.aspx

        I don't get it. Any idea why this is happening?

          Mark J Miller wrote (#4):

          Have you checked FormsAuthentication.CookiesSupported to verify if the client supports cookies? If that doesn't help, post your code and config file again to show us what it looks like now with your changes.

            ESTAN wrote (#5):

            Sorry, I was a bit out. I did a check on FormsAuthentication.CookiesSupported and it says true (I logged it to a file). So I am a bit clueless here why this is happening.

            webconfig:

            <system.web>
              <sessionState timeout="60"/>
            </system.web>
            <system.web>
              <authentication mode="Forms">
                <forms path="BackOffice" loginUrl="BackOffice/Default.aspx?state=Timeout" defaultUrl="BackOffice/Home.aspx" timeout="55" cookieless="UseCookies">
                </forms>
              </authentication>
              <authorization>
                <!--<allow users="*"/>-->
                <deny users="?"/>
              </authorization>
            </system.web>

            The validation code:

            Protected Sub btnValidate_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btnValidate.Click
                Dim dt As DataTable = db.GetData("SELECT Active FROM tblUsers WHERE Email = '" & tbxEmail.Text.Trim & "' and Password = '" & Replace(tbxPassword.Text, "'", "''") & "'")
                If (dt.Rows.Count = 0) Then
                    ' This means that the combination of the email address and the password could not be found in the database
                    lblLoginMessage.Text = CType(ViewState("vsAlerts"), Hashtable)("Alert1").ToString
                Else
                    If (CType(dt.Rows(0)(0), Int32) = 0) Then
                        ' This means that the user is not allowed to log in, the Active bit is set to 0
                        lblLoginMessage.Text = CType(ViewState("vsAlerts"), Hashtable)("Alert2").ToString
                    Else
                        Session.Add("User", tbxEmail.Text.Trim)
                        Session.Add("Date", DateTime.Now.ToString)
                        Session.Add("Active", 1)
                        Common.LogInfo("FormsAuthentication.CookiesSupported: " & FormsAuthentication.CookiesSupported(), 3, Parameters.LOG_FILE, "clssDbAccess.SetData")
                        FormsAuthentication.RedirectFromLoginPage(tbxEmail.Text.Trim, False)
                    End If
                End If
            End Sub
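
The validation handler in post #5 concatenates the e-mail value into the SQL text without escaping. The version below passes both values as parameters; it is an added example, not part of the original thread or the poster's code. It calls ADO.NET directly because the signature of the poster's db.GetData helper is not shown; the class name, the connection string name "BackOffice", the parameter sizes and the message strings are assumptions, and the comparison against the stored Password column is kept as in the post.

```vbnet
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient
Imports System.Web.Security

' Hypothetical code-behind class for BackOffice/Default.aspx (name assumed).
Partial Class BackOffice_Default
    Inherits System.Web.UI.Page

    ' Assumption: web.config defines a connection string named "BackOffice".
    Private Shared ReadOnly ConnStr As String = _
        ConfigurationManager.ConnectionStrings("BackOffice").ConnectionString

    ' Returns Nothing when no row matches, otherwise the value of Active.
    Private Shared Function LookupActive(ByVal email As String, ByVal password As String) As Object
        Const sql As String = _
            "SELECT Active FROM tblUsers WHERE Email = @Email AND Password = @Password"
        Using conn As New SqlConnection(ConnStr), cmd As New SqlCommand(sql, conn)
            ' Values travel as typed parameters, so a quote in either field
            ' stays data and never becomes part of the SQL text.
            ' Sizes 256 and 128 are assumed column widths.
            cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 256).Value = email
            cmd.Parameters.Add("@Password", SqlDbType.NVarChar, 128).Value = password
            conn.Open()
            Return cmd.ExecuteScalar()
        End Using
    End Function

    Protected Sub btnValidate_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btnValidate.Click
        Dim email As String = tbxEmail.Text.Trim()
        Dim active As Object = LookupActive(email, tbxPassword.Text)

        If active Is Nothing OrElse active Is DBNull.Value Then
            ' Placeholder text; the post reads its messages from ViewState.
            lblLoginMessage.Text = "Unknown e-mail address or password."
        ElseIf Convert.ToInt32(active) = 0 Then
            lblLoginMessage.Text = "This account is not active."
        Else
            Session("User") = email
            ' Issues a non-persistent ticket cookie, then redirects to ReturnUrl,
            ' or to defaultUrl from <forms> when no ReturnUrl is present.
            FormsAuthentication.RedirectFromLoginPage(email, False)
        End If
    End Sub
End Class
```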
