0

In a nutshell, I want to show loginpage when the session expires.For that I have modified some details in web.config shown below so that I can test whether the logic works.But sadly the below logic is not firing

My expectation was to go the Login Action in the Account Controller when the session expires.

Also what's the difference between the timeout in authentication section and session state section

<authentication mode="Forms">     
  <forms loginUrl="~/Account/Login"  timeout="1" />
</authentication>

<sessionState mode="InProc" timeout="1" customProvider="DefaultSessionProvider">
  <providers>
    <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
  </providers>
</sessionState>
ksg
  • 3,927
  • 7
  • 51
  • 97
  • [They](https://msdn.microsoft.com/en-us/library/system.web.configuration.formsauthenticationconfiguration.timeout%28v=vs.110%29.aspx) are [documented](https://msdn.microsoft.com/en-us/library/system.web.sessionstate.httpsessionstate.timeout%28v=vs.110%29.aspx) – stuartd Nov 11 '15 at 12:16

2 Answers2

1

You could implement this by using custom attribute like below:

public class SessionTimeOutAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            HttpContext context = HttpContext.Current;

            // check if session supported
            if ( context.Session != null ) {
                if( context.Session["username"] == null ) {
                   context.Response.Redirect ( "~/Account/Login" );
                }
            }
            base.OnActionExecuting(filterContext);
        }
    }

Then you could apply this attribute to your Controllers or particular actions like this:

      [SessionTimeOut]
      public class HomeController : Controller
      {

      }

or for Action:

      [SessionTimeOut]
      public ActionResult Index()
      {
         return Index();
      }
user2771704
  • 5,994
  • 6
  • 37
  • 38
  • for global use GlobalFilters.Filters.Add(new SessionExpireFilterAttribute()) https://stackoverflow.com/questions/25423464/redirect-to-specific-page-after-session-expires-mvc4 – forX Jan 19 '18 at 17:59
0

According to this answer, the basic difference of these timeout properties is:

<authentication mode="Forms">     
  <forms loginUrl="~/Account/Login"  timeout="1" />
</authentication>

"The Forms Authentication Timeout value sets the amount of time in minutes that the authentication cookie is set to be valid"

<sessionState mode="InProc" timeout="1" customProvider="DefaultSessionProvider">
  <providers>
    <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
  </providers>
</sessionState>

"The SessionState timeout value sets the amount of time a Session State provider is required to hold data in memory (or whatever backing store is being used, SQL Server, OutOfProc, etc) for a particular session."

Have you registered the Authorize filter in RegisterGlobalFilters ?

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
    filters.Add(new AuthorizeAttribute());
}

And also configured your controllers with [Authorize] annotation ?

Community
  • 1
  • 1
vdefeo
  • 93
  • 1
  • 1
  • 10