Global.asax Infinite Redirect Loop Issue

I'm making some changes to my Forms Authentication to support authentication across multiple applications on the same server.   Anyway, I've always had the below code in my Global.asax file:

           
If Session("UserID") Is Nothing Then
                    'we have an authenticated user
                    'with no current session
                    'so lets do this
                    'let's remove their authentication ticket
                    'then redirect them to logon.aspx
                    FormsAuthentication.SignOut()
                    Response.Redirect("Login.aspx")
                End If

Open in new window


Basically I use it so that any authenticated user without a session will be redirected back to the login page.  However, this same code is now causing an infinite redirect looping problem. (in google chrome it says "This webpage has a redirect loop").  As soon as I comment the code out I don't have the issue.  And more mysteriously, it only happens in DeBug mode

1) Do I even need this code?  As soon as the session expires doesn't that also mean the auth ticket expired?  Therefore all the redirecting will be handled by the built in forms authentication?

2) Why would it only be causing an issue in DeBug mode?

Thanks
cat4larryAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kyle AbrahamsSenior .Net DeveloperCommented:
I can see where the loop is coming from:

If Session("UserID") Is Nothing Then  

UserId never gets assigned (I'm assuming in the login page)
which will cause the redirect.

What is the purpose of the code?

If you were looking for more of a session expired type thing they have events for that:
http://msdn.microsoft.com/en-us/library/ms178583(v=vs.100).aspx


Not sure why it would only happen in debug mode.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cat4larryAuthor Commented:
So would I stick a Session_OnEnd event into place and then if the session expires the user, after they click on something, get's routed back to the login screen?  If I did that, wouldn't I still be stuck with an infinite loop?

Basically, I need to make sure that their authentication expiration and session timeout matches and make sure they get routed when one or the other doesn't exist.  

D
0
Kyle AbrahamsSenior .Net DeveloperCommented:
The session expire event should only happen once for user.  There would be nothing to check regarding the session, and it should only redirect once.

Where is that code you posted actually running?

Another work around is to check if they're on the login page, then don't redirect.

eg:
if (!url.ToLower().Contains("login"))
 Response.Redirect("Login.aspx");
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.