• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 288
  • Last Modified:

redirect user to login page

How do i force the user to go to the login page after a session has expired. For example in my application I can save this as a bookmark

http:/applicaiiondir/categories/category_edit.aspx?Category_ID=2

and the next day go back and it will go to that page....

I want to make it so that it will dirrect the user to the login page after a certain length of time..
0
vbnetcoder
Asked:
vbnetcoder
  • 4
  • 3
  • 2
1 Solution
 
Ron MalmsteadInformation Services ManagerCommented:
How are you storing the session state ?

... I would think that they should be "disolved" after 24 hours..lol.

Basically you are setting some sort of session var to log them in right ?
So when the state expires...

On the page_load()

If session("Islogggedin") <> "TRUE" then response.redirect("~/login.aspx")
0
 
Ron MalmsteadInformation Services ManagerCommented:
0
 
CodeCruiserCommented:
Are you using forms based authentication?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
vbnetcoderAuthor Commented:
I am a little new to some of this thus my silly question ...

You answer makes sense.... but wouldn't I have to do that on every page?  The problem i am running into is that they are bookmarking the pages....
0
 
vbnetcoderAuthor Commented:
CodeCruiser: Not even sure what that is.... like I said i am very new to all this

I have a login page that checks the database for the username and password ... if it finds it the "main page" opens.  I never worked with username / passwords before.

0
 
CodeCruiserCommented:
With forms based authentication, ASP.NET will automatically redirect users to login page when the session has expired. I recommend you do some reading

http://www.4guysfromrolla.com/webtech/110701-1.shtml

http://support.microsoft.com/kb/301240

http://www.asp.net/security/videos/using-basic-forms-authentication-in-aspnet

http://msdn.microsoft.com/en-us/library/ff647070.aspx

0
 
Ron MalmsteadInformation Services ManagerCommented:
""I have a login page that checks the database for the username and password ... if it finds it the "main page" opens.  I never worked with username / passwords before.""

Since you aren't using forms auth, you must be using the logon control or simple textbox username/password with submit button..

This is the "old way" of course, but it still works fine for small webs.

Two things...

1) make sure your logon method is not subject to SQL injection attack.  It's a common mistake.
2) When you are passing the query lookup on the logon form...you can do this...

Once you find the user in the table ...do,
Session("IsLoggedOn") = "TRUE"

That is one method ...setting it in the session state
Then on each page load you can check ...

If session("Islogggedin") <> "TRUE" then response.redirect("~/login.aspx")


The solution Codecruiser provides eliminates the need to code this of course, and can also manage roles/permissions etc.

....I suggest you implement the "quick fix", since you've started out this way, then convert to Codecruiser's solution afterward.
0
 
vbnetcoderAuthor Commented:
I think I am going to use code cruisers method right away ..... the program is not live
0
 
vbnetcoderAuthor Commented:
ty
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now