0

I'm checking whether the last time a user has changed the password. If it's more than 90 days, I'll redirect the user to the Password Change page. 

protected void LoginUser_LoggedIn(object sender, EventArgs e)
{
   //has their password expired? 
   var _user = MembershipRepository.GetUser(this.LoginUser.UserName);

   if (_user != null 
             && _user.LastPasswordChangedDate.Date.AddDays(90) < DateTime.Now.Date) 
     {
       Server.Transfer("~/SiteNav/ChangePassword.aspx");
     }
}

The problem I'm having is that when ChangePassword.aspx displays, the user is not logged in. Unless I refresh manually the page, then the LoginStatus control shows the username of the user.

I've tried to refresh the page in the code, but it's still not working.

protected void Page_Load(object sender, System.EventArgs e)
{   
  var _url = HttpContext.Current.Request.Url.ToString();

   if (_url.ToLower().EndsWith("default.aspx")) 
   {
    Page.ClientScript.RegisterStartupScript(this.GetType(), 
         "RefreshPage", "window.location.reload();", true);
    Response.Redirect("~/SiteNav/ChangePassword.aspx");
   }
}

It's so confusing. When we get to the LoggedIn event, I though the user was already logged in.

Thanks for helping.

Richard77
  • 20,343
  • 46
  • 150
  • 252

1 Answers1

1

It's probably due to the cookie not being included in the response when you do a redirect, as at that point in time the auth cookie will have been set on your machine, but won't have been in the Request. When the cookie is set it's not automatically updated in the response.

See This Answer for some code that should sort it

Community
  • 1
  • 1
Matt
  • 1,494
  • 2
  • 18
  • 38
  • So what you are saying is that the cookie already exists but it's just not included. What's the name of the cookie so I can include it in the collection. The example you pointed me too doesn't provide the name of the cookie. – Richard77 May 16 '16 at 16:31
  • I was able to set the cookie using what's said in this post. `http://stackoverflow.com/questions/7217105/how-can-i-manually-create-a-authentication-cookie-instead-of-the-default-method`. Unfortunately, if I refresh the page, the cookie disappears. So I tried instead `Response.Redirect`. Now it's working fine. Thanks for the answer which made me realise the true difference between `Server.Transfer` and `Response.Redirect`. – Richard77 May 16 '16 at 17:14