[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

ASP.Net Session State Expected Behavior

Posted on 2012-09-06
5
Medium Priority
?
788 Views
Last Modified: 2012-09-07
I inherited an asp.net 2.0 web application [e commerce].
There are two web.config entries as follows:

    <authentication mode="None">
      <forms name="CommerceAuth" loginUrl="../Login.aspx" protection="All" timeout="120" path="/"/>
    </authentication>
<sessionState mode="InProc" timeout="120"/>

Open in new window


To test what would happen if i loaded the web application, waited until the session ended, then attempt to access the site again; i modified those values to be 5 minutes.

I don't know what I expected to happen, but when i reloaded the web page i was on -- NOTHING happened!

What type of behavior should i expect when a page is accessed after the session times out?
I would expect the user to be redirected to the login page and be forced to re-authenticate.

Jason
0
Comment
Question by:jsmithr
  • 2
  • 2
5 Comments
 
LVL 20

Expert Comment

by:informaniac
ID: 38373833
What happens if you change

<authentication mode="None">

Open in new window


to

<authentication mode="Forms">

Open in new window

0
 

Author Comment

by:jsmithr
ID: 38374010
Nothing happens. I am running this on my Windows 7 machine through IIS7 via Visual Studio 2008.

Now, maybe this information is important:
The entire solution acctually consists of two web applications, nested within each other.
The log in form is a part of the top level application. each web application has it's own web.config. It looks a little something like this:

IIS Website >
Application 1 [Login Form]
Application 2

The web.config for Application 1 looks like this:
		<authentication mode="None" />
		<sessionState mode="InProc" />

Open in new window


The web.config for Application 2 looks like this (now):
    <authentication mode="Forms">
      <forms name="CommerceAuth" loginUrl="../Login.aspx" protection="All" timeout="5" path="/"/>
    </authentication>
    <sessionState mode="InProc" timeout="5"/>

Open in new window

0
 
LVL 23

Accepted Solution

by:
Christopher Kile earned 2000 total points
ID: 38374373
Redirection to a login page does not happen automatically.  If you want it, check Session.Expired and do a Response.Redirect() in your server code.  You'll need to include this code in each web page.
0
 

Author Comment

by:jsmithr
ID: 38375749
cpkilekofp,

Makes sense.
I am used to Master Pages, Forms Authentication, and ASP.Net 4.0.
I did not write this web application, but now am respobsible for it.

Thank you for the insight.
Jason
0
 
LVL 23

Expert Comment

by:Christopher Kile
ID: 38376588
You are quite welcome,

Christopher
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
Running classic asp applications under Windows Server 2008 R2 (x64) and IIS 7 is not as easy as one may think. It took me a while to figure it out while getting error 8002801d a few times. After you install the OS you will need to install the fol…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month18 days, 9 hours left to enroll

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question