0

Is there any solution for redirect user to login page, when cookie expires?

I create formsauthenticationticket and cookie. Expiration is set on 10minutes.

When expiration is over, and user doesn't make any request 20-minutes, and after that, clicks he on some link, he would be redirected to login page and log in again.

I have HttpModule in assembly, which is referenced in web project.

In this module I have PreRequestHandlerExecute() event, where I control on every request, if the user is authenticated and refresh timeout for cookie.

But If the user is not authenticated, he would be redirect to login page. Is there any solution for this? I know about AuthorizeAttribute, but is there any other way to do this?

THANKS

hackp0int
  • 4,052
  • 8
  • 59
  • 95
Bxx
  • 1
  • 7

1 Answers1

0

Once the user's cookie has expired it won't be sent in the request, so you have no way of knowing who is a new user and who is a user who's cookie has expired because neither user will send a cookie with their page request.

One workaround is to set the cookie to 10 mins, but use the Meta Refresh tag to redirect to the login page after 9 mins 50 seconds. Note: the login page would need to log the user out too, otherwise it would refresh the session again.

Neil Thompson
  • 6,356
  • 2
  • 30
  • 53