0

In an asp.net app using forms authentication I'm trying to find which event would be called when timeout occurs.

I know that I can capture the Session timeout event with Session_End in global.asax but is there one for the forms authentication part?

sbarnby71
  • 584
  • 4
  • 7
  • 21

1 Answers1

0

As you can see here: Forms Authentication Timeout Logging, you cannot detect it at the exact time that it times out.

What you can do is to check the forms authentication ticket in Application_PreRequestHandlerExecute. This means that you can only check it at the times that the user makes requests to the server so if the user close the browser, you cannot detect this event until the next time the user visits your server again.

You can somehow work around this by using ajax requests in the background but that will only work as long as the user keep an open browser window with a page on your site loaded. Note that this may stop the timeout from happen if you have a sliding timeout.

Community
  • 1
  • 1
Andreas Paulsson
  • 7,745
  • 3
  • 25
  • 31
  • I tried some test using the suggestion, but I've hit an issue, when the forms authentication does timeout, my Authentication Ticket no-longer exists, so I can't check for it being expired. Is there some setting that could be causing this? – sbarnby71 Mar 22 '16 at 12:33
  • Can you verify (perhaps with Fiddler) that the Forms Authentication Cookie is sent in the request at all? – Andreas Paulsson Mar 23 '16 at 08:39
  • I can't easily post the code on fiddler, but ran some more tests proving the Auth Cookie is being created after login and is sent back with each request, but once the Auth Cookie has expired (set the timeout to be 2 mins, left the app alone for a 3 minutes), any request made does not contain the Auth Cookie. – sbarnby71 Mar 29 '16 at 09:48
  • How do you create the forms authentication cookie? Do you set expire time on it? If you set the cookie to expire at the same time as the ticket, you will never receive a cookie with an expired forms authentication ticket. – Andreas Paulsson Mar 29 '16 at 10:38
  • You can read about "How are cookie expiration and ticket expiration related?" at https://support.microsoft.com/sv-se/kb/910443 . – Andreas Paulsson Mar 29 '16 at 10:39
  • Will have a look through that. One thing I've just tried is to check the Auth Ticket in the `Global_ASAX_BeginRequest` event when I check it there I am seeing it as expired – sbarnby71 Mar 29 '16 at 12:47
  • The forms authentication cookie is set automatically - I use an asp.net login control, run my authentication check in the 'LoginControl_authenticate()' event and if they are valid, return Authenticated = true. The expiry should be picked up by my web.config setting for forms authentication – sbarnby71 Mar 29 '16 at 12:55