C
Cirene
Using ASP.NET membership. How do I automatically log a user out of the
system after 30 min of inactivity? Thanks.
system after 30 min of inactivity? Thanks.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
J
Juan T. Llibre
Since you're using forms authentication, modify the forms authentication timeout :
<forms name=".ASPXAUTH" loginUrl="login.aspx" protection="All" timeout="30" path="/"
requireSSL="false" slidingExpiration="true">
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
<forms name=".ASPXAUTH" loginUrl="login.aspx" protection="All" timeout="30" path="/"
requireSSL="false" slidingExpiration="true">
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
C
Cirene
Thanks. I assume this is in the web.config file, correc?
Do I put that statement under here?
<authentication mode="Forms"/>
Do I put that statement under here?
<authentication mode="Forms"/>
J
Juan T. Llibre
re:
!> Thanks. I assume this is in the web.config file, correct?
Correct.
re:
!> Do I put that statement under here?
!> <authentication mode="Forms"/>
Yes. See a complete example here :
http://msdn.microsoft.com/en-us/library/1d3t3c61.aspx
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
!> Thanks. I assume this is in the web.config file, correct?
Correct.
re:
!> Do I put that statement under here?
!> <authentication mode="Forms"/>
Yes. See a complete example here :
http://msdn.microsoft.com/en-us/library/1d3t3c61.aspx
Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
C
Cowboy \(Gregory A. Beamer\)
What Juan has suggested handles the backend. You may also want to consider
adding something that kicks the user to the login page after the session is
gone (or actually just before, as the timeout is not guaranteed 100%).
To do that you can use a meta-refresh tag on every page for 30 minutes. Kick
the user to a logout page that does the following:
1. Kicks off membership
2. Abandons session
#1 should be accomplished by #2, but you can code both for safety. Then have
that page forward a person to the login page.
Setting the config will lose the session, etc., but if a person is in the
middle of a form, he will not find out until he hits the submit button.
--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA
Subscribe to my blog
http://gregorybeamer.spaces.live.com/lists/feed.rss
or just read it:
http://gregorybeamer.spaces.live.com/
*************************************************
| Think outside the box!
|
*************************************************
adding something that kicks the user to the login page after the session is
gone (or actually just before, as the timeout is not guaranteed 100%).
To do that you can use a meta-refresh tag on every page for 30 minutes. Kick
the user to a logout page that does the following:
1. Kicks off membership
2. Abandons session
#1 should be accomplished by #2, but you can code both for safety. Then have
that page forward a person to the login page.
Setting the config will lose the session, etc., but if a person is in the
middle of a form, he will not find out until he hits the submit button.
--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA
Subscribe to my blog
http://gregorybeamer.spaces.live.com/lists/feed.rss
or just read it:
http://gregorybeamer.spaces.live.com/
*************************************************
| Think outside the box!
|
*************************************************