I have a variety of problems associated with losing the session authentication in my asp.net (vb) application. Are there hidden coding gotchas that will cause a session to disappear? It happens intermittently but often. Also, during development, it seems as if occasionally the session will just die right in the middle of using the app. Should I be using State Server instead of inproc?
Also, I'd like to force the idle browser to redirect to the login page as the session ends.
Rather than waiting for the user to attempt to take action after the session timeout occurs, and being denied at that time. I want to stay away from this method to keep from having to litter the code with conditional statements checking for authentication all over the place. If someone gets up from their machine and returns more than 20 minutes later, I want them to see the login page, and for their session to be destroyed by then.
Is there a best-practice way to do this in the .Net world? It seems pretty obscure when I STFW for it, and it looks like I'm stuck with a <META> tag, which somehow feels like a kludge.
Putting an onLoad() javascript function in the <body> tag of the .aspx seems to redirect immediately, not after the specified milliseconds have elapsed. Any ideas, hints, experiences, solutions will be appreciated.
Here's the web.config entry, nothing special -
Code:<sessionState mode="InProc" stateConnectionString="tcp
ip=127.0.0
.1:42424" sqlConnectionString="data source=127.0.0.1;user id=sa;password=" cookieless="false" timeout="20" />
Here's the body tag in the aspx file that didn't work, instead it redirected immediately -
onLoad="window.setTimeout(
window.loc
ation.href
='/login.a
spx',50000
);"
As far as I know, when placed in the body tag of the page, this should make the loaded page wait 50 seconds and then send an http request for login.aspx. Instead, it goes immediately.
Thanks in advance.
..-=x=-..
