Forms authentication and session question

kensai

I have a website using forms authentication. I seem to have a problem with it and I'd appreciate if you could help me on this. I use <forms timeout="600"> and <sessionState timeout="600"> in web.config. In login page I have this code:

protected void pageLogin_Authenticate(object sender, AuthenticateEventArgs e)
{
if (Membership.ValidateUser(this.pageLogin.UserName.Trim(),this.pageLogin.Password.Trim()))
{
MembershipUser u = Membership.GetUser(this.pageLogin.UserName.Trim(), false);
Session["UserId"] = u.ProviderUserKey.ToString();
e.Authenticated = true;
}
else
{
e.Authenticated = false;
}
}

protected void pageLogin_LoggedIn(object sender, EventArgs e)
{
FormsAuthentication.RedirectFromLoginPage(Session["UserId"].ToString(), false);
}

I use Session["UserId"] on other protected pages. The problem is, sometimes when I refresh a page after a short while that uses Session["UserId"] I get null reference error on Session["UserId"] line. Why it is expiring so soon, I don't have anything modifying web.config or the website so I don't think IIS is recycling. And shouldn't it redirect to login page if session is expired? Am I missing something here? This is on WinXp sp2 and IIS6.

Abhijit Jana

what authentication mode did you set in IIS ? if you have used forms then you should select Anonumous authentication.

cheers, Abhijit