0

I am developing a site in asp.net & c#. I am not very familiar with javaScript but I'm using a little bit for some things. In order to create a pop up window I used the following javaScript code:

<script type="text/javascript" language="javascript">
function OpenCallUpdatePop(popUrl) {
CallUpdatePop = window.open(popUrl, 'callUpPop', 'toolbar=no, location=yes, scrollbars=yes, width=900, height=700')
    setTimeout('CallUpdatePop.scroll(0,100)', 1000)
}
</script>

The parameter popUrl is populated by the following c# code:

string updateUrl = string.Format("UpdatePopUpPage.aspx");
ClientScript.RegisterStartupScript(this.GetType(), "myScript", "<script language=JavaScript>OpenCallUpdatePop('" + updateUrl + "');</script>");

I have a timer on the page set for a few seconds before Session timeout in order to redirect to the Logout page where FormsAuthentication.SignOut(); takes place. The Response.Redirect() to the LogOut Page doesn't work from the child window so I tried a javaScript function:

function closeThis() {
self.close()
}

Which was called from the following c# sharp code:

protected void timerLogOut_Tick(object sender, EventArgs e)
{
    ClientScript.RegisterStartupScript(this.GetType(), "myScript", "<scriptlanguage=JavaScript>closeThis();</script>");

}

The page doesn't close but instead redirects to the default page which is the LogIn page but I want it to redirect to the LogOut page. How can I just cause the child page to just close or redirect it to the LogOut page or any other page? Another possiblity could be to change the setting of the web.config default page from c# code so that the page will redirect to where I want, is that possible?

elixenide
  • 44,308
  • 16
  • 74
  • 100
Dov Miller
  • 1,958
  • 5
  • 34
  • 46
  • When your page redirects, what code is causing the redirect? It sounds like you're posting back just *after* session timeout, which is automatically redirecting to login - not what you intended. BTW - that use of String.Format is in the oddest place. – sq33G Dec 11 '11 at 19:54

1 Answers1

0

The most likely issue is that you do not have the LogOut page available for anonymous access and the session actually times out before the page navigation can be completed.

When this happens and you have a loginUrl specified for the forms authentication block in web.config, ASP.Net will automatically redirect the user to the login page.

In order to detect this behavior, we add a special query string parameter so that we know if the user arrived at the login page due to an automatic redirect or not: 

 <authentication mode="Forms">
    <forms name=".MYAUTH" loginUrl="default.aspx?reauth=1" protection="All" path="/" slidingExpiration="true" timeout="60" />
  </authentication>

You can ensure the logout page is always accessible by adding the following to web.config:

  <location path="logout.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

If the purpose of the logout page is just to provide the user some information about what happened, you could actually leave the logout page out altogether and just rely on the auto-redirect querystring parameter to provide a message to the user when they are returned to the login page. For example, in the login page:

<script language="javascript" type="text/javascript">
    <!--
    if (window.location.search != "") {
        if (window.location.search.indexOf("reauth=1") != -1) {
            alert("Your login credentials have expired. Please log in again to continue.");
        }
    }
    -->
</script>
competent_tech
  • 44,465
  • 11
  • 90
  • 113