Link to home
Start Free TrialLog in
Avatar of vbnetcoder
vbnetcoder

asked on

redirect user to login page

How do i force the user to go to the login page after a session has expired. For example in my application I can save this as a bookmark

http:/applicaiiondir/categories/category_edit.aspx?Category_ID=2

and the next day go back and it will go to that page....

I want to make it so that it will dirrect the user to the login page after a certain length of time..
Avatar of Ron Malmstead
Ron Malmstead
Flag of United States of America image

How are you storing the session state ?

... I would think that they should be "disolved" after 24 hours..lol.

Basically you are setting some sort of session var to log them in right ?
So when the state expires...

On the page_load()

If session("Islogggedin") <> "TRUE" then response.redirect("~/login.aspx")
Are you using forms based authentication?
Avatar of vbnetcoder
vbnetcoder

ASKER

I am a little new to some of this thus my silly question ...

You answer makes sense.... but wouldn't I have to do that on every page?  The problem i am running into is that they are bookmarking the pages....
CodeCruiser: Not even sure what that is.... like I said i am very new to all this

I have a login page that checks the database for the username and password ... if it finds it the "main page" opens.  I never worked with username / passwords before.

ASKER CERTIFIED SOLUTION
Avatar of Nasir Razzaq
Nasir Razzaq
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
""I have a login page that checks the database for the username and password ... if it finds it the "main page" opens.  I never worked with username / passwords before.""

Since you aren't using forms auth, you must be using the logon control or simple textbox username/password with submit button..

This is the "old way" of course, but it still works fine for small webs.

Two things...

1) make sure your logon method is not subject to SQL injection attack.  It's a common mistake.
2) When you are passing the query lookup on the logon form...you can do this...

Once you find the user in the table ...do,
Session("IsLoggedOn") = "TRUE"

That is one method ...setting it in the session state
Then on each page load you can check ...

If session("Islogggedin") <> "TRUE" then response.redirect("~/login.aspx")


The solution Codecruiser provides eliminates the need to code this of course, and can also manage roles/permissions etc.

....I suggest you implement the "quick fix", since you've started out this way, then convert to Codecruiser's solution afterward.
I think I am going to use code cruisers method right away ..... the program is not live
ty