Forms Authentication Timeout Logging
https://stackoverflow.com/questions/7797274
-
10-02-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I want to detect when a asp.net Form Authentication ticket has expired. I then want to log to the server the user that was signed out because of inactivity. Is there an event that fires on the server when the authentication ticket has expired?
<sessionState mode="InProc" timeout="5"></sessionState>
<authentication mode="Forms">
<forms loginUrl="~/Home/AccessDenied" timeout="5" />
</authentication>
In the global asax file, I have tried the Session_OnEnd(). But the context.user object is null. When i call membership.getuser() it returns null also. I have tried making the session timeout before the auth but that doesn't help. I am using mvc3 and ii7.5.
Solution
Session and forms authentication have two completely separate timeouts. See my posting on this here:
How can I handle forms authentication timeout exceptions in ASP.NET?
In Application_PreRequestHandlerExecute you need to check the ticket.
Also be sure your session and forms auth timeouts are in sync using the code I posted there. Not just setting both to say 60 minutes. Since forms auth doesn't update the 'touched' time until half of the time passes by, and session time is updated on every request, they get out of sync.
