-1

How can I implement these scenarios using forms authentication?

If the user is Inactive for 40mins, he has to be logged out completely.

Questions

  • How should I set Session timeout ?
  • How to Manage application timeout vs. session timeout?
Brad
  • 229
  • 2
  • 4
  • 12

1 Answers1

0

If the user has to enter password; he is essentially logged out. You can set session timeout to 20.

However if you really want to differentiate between the two you can update session item with last time user made a request. Set the session time out to 40 minutes. At any given time if the session last update entry is older than 20 minutes ask him to enter password again.

See the following for executing code before every request in MVC

Community
  • 1
  • 1
Muhammad Hasan Khan
  • 34,648
  • 16
  • 88
  • 131
  • where **should I write the code related to saving the Session["lastrequest"]** in the application . and how **should I assign the time to the Session["lastrequest"]** – Brad Apr 04 '12 at 18:38