0

In a nutshell, I want to show loginpage when the session expires.For that I have modified some details in web.config shown below so that I can test whether the logic works.But sadly the below logic is not firing

My expectation was to go the Login Action in the Account Controller when the session expires.

Also what's the difference between the timeout in authentication section and session state section

<authentication mode="Forms">     
  <forms loginUrl="~/Account/Login"  timeout="1" />
</authentication>

<sessionState mode="InProc" timeout="1" customProvider="DefaultSessionProvider">
  <providers>
    <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
  </providers>
</sessionState>
Improve this question
1

2 Answers 2

Reset to default
1

You could implement this by using custom attribute like below:

public class SessionTimeOutAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            HttpContext context = HttpContext.Current;

            // check if session supported
            if ( context.Session != null ) {
                if( context.Session["username"] == null ) {
                   context.Response.Redirect ( "~/Account/Login" );
                }
            }
            base.OnActionExecuting(filterContext);
        }
    }

Then you could apply this attribute to your Controllers or particular actions like this:

      [SessionTimeOut]
      public class HomeController : Controller
      {

      }

or for Action:

      [SessionTimeOut]
      public ActionResult Index()
      {
         return Index();
      }
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

for global use GlobalFilters.Filters.Add(new SessionExpireFilterAttribute()) stackoverflow.com/questions/25423464/…
0

According to this answer, the basic difference of these timeout properties is:

<authentication mode="Forms">     
  <forms loginUrl="~/Account/Login"  timeout="1" />
</authentication>

"The Forms Authentication Timeout value sets the amount of time in minutes that the authentication cookie is set to be valid"

<sessionState mode="InProc" timeout="1" customProvider="DefaultSessionProvider">
  <providers>
    <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
  </providers>
</sessionState>

"The SessionState timeout value sets the amount of time a Session State provider is required to hold data in memory (or whatever backing store is being used, SQL Server, OutOfProc, etc) for a particular session."

Have you registered the Authorize filter in RegisterGlobalFilters ?

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
    filters.Add(new AuthorizeAttribute());
}

And also configured your controllers with [Authorize] annotation ?

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.