Last post Oct 09, 2014 11:53 AM by mgambone
Oct 09, 2014 09:43 AM|mgambone|LINK
I've read from here:
http://codeasp.net/blogs/vivek_iit/microsoft-net/848/forms-authentication-timeout-vs-session-state-timeout that it's better to set Forms Authentication timeout value to be greater than the Session State Timeout value.
In this case, I need to inform the user that the session state is about to expire AND also to tell user the authentication ticket is about to expire. Seems like a double-work (if I set different values for Forms Authentication and Session State).
Is there a way to use a popup alert and countdown to alert user of the situation in each case, and have a button that the user can click to sort of "Keep me logged in"?
Appreciate any help.
Oct 09, 2014 10:02 AM|AidyF|LINK
Session and authentication are not related, if you want to link them you're going to have a buggy solution.
If users want to stay logged in then give them a "remember me" option so the auth cookie remains active.
Ignore handling session expirations, ignore trying to give users an indication their session is about to expire...again if you try these things you'll just end up with a buggy solution.
What you should do is make sure your site behaves intelligently for users that have no session (ie people who have deep-linked to your site, or people who have left their browser idle).
As a totally separate issue you should also ensure your site behaves intelligently for users who are not authenticated (again deep linkers without a "remember me" or people who have had their auth timed out).
With the above two things in place your site will respect the stateless nature of the internet and act properly.
Oct 09, 2014 11:53 AM|mgambone|LINK
Hmmmm....okay. That's a lot easier then. My site is only for authenticated users. I do have a jquery code to handle inactivity.
Thanks for the info.