1

I use Chrome as my debugging browser.

When I start my MVC (Razor) website and click the stop button, the website keeps running in Chrome, while I can make changes in VS ... perfect.

But sometimes (due to I don't know what changes), when I refresh a page, I'm still logged in, but I lose all my session vars.

How can I catch if the session vars are cleared, so I can take my users back to the login page? (I need a kind of global.asax page_request method.)

I do have the .. <forms loginUrl="~/Account/LogOn" timeout="2880" /> ... but I'm not logged out - only session vars are cleared.

tereško
MojoDK

3 Answers

2

It's because your login state is persisted in a client cookie. The session state is persisted on the server in memory (or whatever). When your app restarts the session is cleared but the user still has a valid forms authentication token (assuming forms authentication here) on their machine. Forms authentication doesn't use session in any way by default.

So, at the beginning of the request, you can either reload the user session from the database when it's null (I think this is the preferred approach if possible) or redirect the user to the login screen with a message saying "ooops, sorry we've lost your session" (which is not good!)

Lee Gunn
0

If you use the built-in Authorization functionality, you can just add the [Authorize] attribute. There's some info on using custom authentication here:

ASP.NET MVC Authorization

Community
Danny Tuppeny
0

Lee Gunn explained it well. One solution would be to create a custom filter attribute similar to Authorize that verifies the session has the values you're expecting and decorate the appropriate controllers/actions.

Jim Bolla
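
The session-checking filter suggested in the answers above, as an added example that is not code from any of the original posts: it fails closed when the forms authentication cookie is still valid but the server-side session no longer holds the expected values. The attribute name `RequireSessionAttribute` and the session key `"UserId"` are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Web.Mvc;
using System.Web.Security;

// Added example (hypothetical name): rejects requests that carry a valid
// forms-auth cookie but whose server-side session has lost its values,
// e.g. after an application restart with in-memory session state.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class RequireSessionAttribute : ActionFilterAttribute
{
    private readonly string[] _requiredKeys;

    // Keys are whatever the application stores at login,
    // e.g. [RequireSession("UserId")] ("UserId" is an assumed key).
    public RequireSessionAttribute(params string[] requiredKeys)
    {
        _requiredKeys = requiredKeys ?? new string[0];
    }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var http = filterContext.HttpContext;

        // Anonymous requests are left to [Authorize]; this filter only
        // handles the "authenticated cookie, empty session" case.
        if (!http.Request.IsAuthenticated)
            return;

        bool sessionLost = http.Session == null
            || _requiredKeys.Any(k => http.Session[k] == null);
        if (!sessionLost)
            return;

        // Expire the auth cookie as well, so the user is not treated as
        // logged in while the data the application relies on is missing.
        FormsAuthentication.SignOut();
        if (http.Session != null)
            http.Session.Abandon();

        // Short-circuit the action and send the user to the configured
        // loginUrl (the <forms loginUrl="..."> value from web.config).
        filterContext.Result = new RedirectResult(FormsAuthentication.LoginUrl);
    }
}
```

To apply it to every request, as the question asks, register it once in `Application_Start` with `GlobalFilters.Filters.Add(new RequireSessionAttribute("UserId"));` (MVC 3 or later); the login action itself is unaffected because its requests are not yet authenticated.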