cat4larry
asked on
Global.asax Infinite Redirect Loop Issue
I'm making some changes to my Forms Authentication to support authentication across multiple applications on the same server. Anyway, I've always had the below code in my Global.asax file:
Basically I use it so that any authenticated user without a session will be redirected back to the login page. However, this same code is now causing an infinite redirect looping problem. (in google chrome it says "This webpage has a redirect loop"). As soon as I comment the code out I don't have the issue. And more mysteriously, it only happens in DeBug mode
1) Do I even need this code? As soon as the session expires doesn't that also mean the auth ticket expired? Therefore all the redirecting will be handled by the built in forms authentication?
2) Why would it only be causing an issue in DeBug mode?
Thanks
If Session("UserID") Is Nothing Then
'we have an authenticated user
'with no current session
'so lets do this
'let's remove their authentication ticket
'then redirect them to logon.aspx
FormsAuthentication.SignOut()
Response.Redirect("Login.aspx")
End If
Basically I use it so that any authenticated user without a session will be redirected back to the login page. However, this same code is now causing an infinite redirect looping problem. (in google chrome it says "This webpage has a redirect loop"). As soon as I comment the code out I don't have the issue. And more mysteriously, it only happens in DeBug mode
1) Do I even need this code? As soon as the session expires doesn't that also mean the auth ticket expired? Therefore all the redirecting will be handled by the built in forms authentication?
2) Why would it only be causing an issue in DeBug mode?
Thanks
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
The session expire event should only happen once for user. There would be nothing to check regarding the session, and it should only redirect once.
Where is that code you posted actually running?
Another work around is to check if they're on the login page, then don't redirect.
eg:
if (!url.ToLower().Contains("
Response.Redirect("Login.a
Where is that code you posted actually running?
Another work around is to check if they're on the login page, then don't redirect.
eg:
if (!url.ToLower().Contains("
Response.Redirect("Login.a
.NET Programming
The .NET Framework is not specific to any one programming language; rather, it includes a library of functions that allows developers to rapidly build applications. Several supported languages include C#, VB.NET, C++ or ASP.NET.
137K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER
Basically, I need to make sure that their authentication expiration and session timeout matches and make sure they get routed when one or the other doesn't exist.
D