3

In my ASP.NET MVC 3 application, I have a timer which executes a controller action every period of time. This way my session is never timed out...

I don't want this action to reset the session timer every time it is executed. I tried to do this by creating a custom attribute [AllowAnonymous] like this link

http://blogs.msdn.com/b/rickandy/archive/2011/05/02/securing-your-asp-net-mvc-3-application.aspx

but this way, any user will be able to access this action without logging in, and that's not what I want.

Any ideas ?

kbaccouche
  • 4,575
  • 11
  • 43
  • 65

2 Answers2

1

You could disable sliding expiration for the session in your web.config:

<forms slidingExpiration="false" loginUrl="~/Account/LogOn" timeout="2800" />

This way the forms authentication cookie won't be renewed and the ticket will be valid only for a fixed amount of time.

And if you wanted to disable sliding expiration only for certain requests you may take a look at the following answer. It's a bit hacky because the ticket renewal code is buried deep into the FormsAuthenticationModule.

Community
  • 1
  • 1
Darin Dimitrov
  • 1,023,142
  • 271
  • 3,287
  • 2,928
  • ok but this will affect all the actions, and I want to do it only for a specific action – kbaccouche Apr 02 '13 at 16:23
  • This is very difficult because the ticket renewal is buried deep into the FormsAuthenticationModule code. you may take a look at the following post: http://stackoverflow.com/a/4722128/29407 – Darin Dimitrov Apr 02 '13 at 16:27
  • @DarinDimitrov So it would work by setting `slidingExpiration` to false and manually renewing the cookie (using the link you provided) for all requests except requests that target the specific action? – ken2k Apr 12 '13 at 15:23
0

How about creating a different application that accessed through a subdomain? I think this is not only the easiest but also cleanest way to do this.

If you use any other way and another developer needs to support it later, the cost of doing it will probably be higher depending on the complexity of the solution if they need to change it somehow.

Fabio Milheiro
  • 8,100
  • 17
  • 57
  • 96