ASP.Net Session State Expected Behavior

I inherited an asp.net 2.0 web application [e commerce].
There are two web.config entries as follows:

    <authentication mode="None">
      <forms name="CommerceAuth" loginUrl="../Login.aspx" protection="All" timeout="120" path="/"/>
    </authentication>
<sessionState mode="InProc" timeout="120"/>

Open in new window


To test what would happen if i loaded the web application, waited until the session ended, then attempt to access the site again; i modified those values to be 5 minutes.

I don't know what I expected to happen, but when i reloaded the web page i was on -- NOTHING happened!

What type of behavior should i expect when a page is accessed after the session times out?
I would expect the user to be redirected to the login page and be forced to re-authenticate.

Jason
jsmithrAsked:
Who is Participating?
 
Christopher KileCommented:
Redirection to a login page does not happen automatically.  If you want it, check Session.Expired and do a Response.Redirect() in your server code.  You'll need to include this code in each web page.
0
 
Obadiah ChristopherCommented:
What happens if you change

<authentication mode="None">

Open in new window


to

<authentication mode="Forms">

Open in new window

0
 
jsmithrAuthor Commented:
Nothing happens. I am running this on my Windows 7 machine through IIS7 via Visual Studio 2008.

Now, maybe this information is important:
The entire solution acctually consists of two web applications, nested within each other.
The log in form is a part of the top level application. each web application has it's own web.config. It looks a little something like this:

IIS Website >
Application 1 [Login Form]
Application 2

The web.config for Application 1 looks like this:
		<authentication mode="None" />
		<sessionState mode="InProc" />

Open in new window


The web.config for Application 2 looks like this (now):
    <authentication mode="Forms">
      <forms name="CommerceAuth" loginUrl="../Login.aspx" protection="All" timeout="5" path="/"/>
    </authentication>
    <sessionState mode="InProc" timeout="5"/>

Open in new window

0
 
jsmithrAuthor Commented:
cpkilekofp,

Makes sense.
I am used to Master Pages, Forms Authentication, and ASP.Net 4.0.
I did not write this web application, but now am respobsible for it.

Thank you for the insight.
Jason
0
 
Christopher KileCommented:
You are quite welcome,

Christopher
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.