Avatar of cat4larry
cat4larry asked on

Global.asax Infinite Redirect Loop Issue

I'm making some changes to my Forms Authentication to support authentication across multiple applications on the same server.   Anyway, I've always had the below code in my Global.asax file:

If Session("UserID") Is Nothing Then
                    'we have an authenticated user
                    'with no current session
                    'so lets do this
                    'let's remove their authentication ticket
                    'then redirect them to logon.aspx
                End If

Open in new window

Basically I use it so that any authenticated user without a session will be redirected back to the login page.  However, this same code is now causing an infinite redirect looping problem. (in google chrome it says "This webpage has a redirect loop").  As soon as I comment the code out I don't have the issue.  And more mysteriously, it only happens in DeBug mode

1) Do I even need this code?  As soon as the session expires doesn't that also mean the auth ticket expired?  Therefore all the redirecting will be handled by the built in forms authentication?

2) Why would it only be causing an issue in DeBug mode?

.NET Programming

Avatar of undefined
Last Comment
Kyle Abrahams

8/22/2022 - Mon
Kyle Abrahams

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

So would I stick a Session_OnEnd event into place and then if the session expires the user, after they click on something, get's routed back to the login screen?  If I did that, wouldn't I still be stuck with an infinite loop?

Basically, I need to make sure that their authentication expiration and session timeout matches and make sure they get routed when one or the other doesn't exist.  

Kyle Abrahams

The session expire event should only happen once for user.  There would be nothing to check regarding the session, and it should only redirect once.

Where is that code you posted actually running?

Another work around is to check if they're on the login page, then don't redirect.

if (!url.ToLower().Contains("login"))
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.