ASP.Net Session State Expected Behavior
I inherited an asp.net 2.0 web application [e commerce].
There are two web.config entries as follows:
To test what would happen if i loaded the web application, waited until the session ended, then attempt to access the site again; i modified those values to be 5 minutes.
I don't know what I expected to happen, but when i reloaded the web page i was on -- NOTHING happened!
What type of behavior should i expect when a page is accessed after the session times out?
I would expect the user to be redirected to the login page and be forced to re-authenticate.
Jason
There are two web.config entries as follows:
<authentication mode="None">
<forms name="CommerceAuth" loginUrl="../Login.aspx" protection="All" timeout="120" path="/"/>
</authentication>
<sessionState mode="InProc" timeout="120"/>To test what would happen if i loaded the web application, waited until the session ended, then attempt to access the site again; i modified those values to be 5 minutes.
I don't know what I expected to happen, but when i reloaded the web page i was on -- NOTHING happened!
What type of behavior should i expect when a page is accessed after the session times out?
I would expect the user to be redirected to the login page and be forced to re-authenticate.
Jason
ASKER
Nothing happens. I am running this on my Windows 7 machine through IIS7 via Visual Studio 2008.
Now, maybe this information is important:
The entire solution acctually consists of two web applications, nested within each other.
The log in form is a part of the top level application. each web application has it's own web.config. It looks a little something like this:
IIS Website >
Application 1 [Login Form]
Application 2
The web.config for Application 1 looks like this:
The web.config for Application 2 looks like this (now):
Now, maybe this information is important:
The entire solution acctually consists of two web applications, nested within each other.
The log in form is a part of the top level application. each web application has it's own web.config. It looks a little something like this:
IIS Website >
Application 1 [Login Form]
Application 2
The web.config for Application 1 looks like this:
<authentication mode="None" />
<sessionState mode="InProc" />The web.config for Application 2 looks like this (now):
<authentication mode="Forms">
<forms name="CommerceAuth" loginUrl="../Login.aspx" protection="All" timeout="5" path="/"/>
</authentication>
<sessionState mode="InProc" timeout="5"/>ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
cpkilekofp,
Makes sense.
I am used to Master Pages, Forms Authentication, and ASP.Net 4.0.
I did not write this web application, but now am respobsible for it.
Thank you for the insight.
Jason
Makes sense.
I am used to Master Pages, Forms Authentication, and ASP.Net 4.0.
I did not write this web application, but now am respobsible for it.
Thank you for the insight.
Jason
You are quite welcome,
Christopher
Christopher
Open in new window
to
Open in new window