• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 797
  • Last Modified:

Global.asax Infinite Redirect Loop Issue

I'm making some changes to my Forms Authentication to support authentication across multiple applications on the same server.   Anyway, I've always had the below code in my Global.asax file:

If Session("UserID") Is Nothing Then
                    'we have an authenticated user
                    'with no current session
                    'so lets do this
                    'let's remove their authentication ticket
                    'then redirect them to logon.aspx
                End If

Open in new window

Basically I use it so that any authenticated user without a session will be redirected back to the login page.  However, this same code is now causing an infinite redirect looping problem. (in google chrome it says "This webpage has a redirect loop").  As soon as I comment the code out I don't have the issue.  And more mysteriously, it only happens in DeBug mode

1) Do I even need this code?  As soon as the session expires doesn't that also mean the auth ticket expired?  Therefore all the redirecting will be handled by the built in forms authentication?

2) Why would it only be causing an issue in DeBug mode?

  • 2
1 Solution
Kyle AbrahamsSenior .Net DeveloperCommented:
I can see where the loop is coming from:

If Session("UserID") Is Nothing Then  

UserId never gets assigned (I'm assuming in the login page)
which will cause the redirect.

What is the purpose of the code?

If you were looking for more of a session expired type thing they have events for that:

Not sure why it would only happen in debug mode.
cat4larryAuthor Commented:
So would I stick a Session_OnEnd event into place and then if the session expires the user, after they click on something, get's routed back to the login screen?  If I did that, wouldn't I still be stuck with an infinite loop?

Basically, I need to make sure that their authentication expiration and session timeout matches and make sure they get routed when one or the other doesn't exist.  

Kyle AbrahamsSenior .Net DeveloperCommented:
The session expire event should only happen once for user.  There would be nothing to check regarding the session, and it should only redirect once.

Where is that code you posted actually running?

Another work around is to check if they're on the login page, then don't redirect.

if (!url.ToLower().Contains("login"))
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now