locked
asp.net session time out issue RRS feed

  • Question

  • User1598575720 posted

    Hi,

    I have a wired scenario in one of my ASP.net application.

    I am using ASP.net membership with my custom "roleManager",

    and having below tag in web.config to restrict any user not having role of "Keywords"(roles) to access "Keywords"(path) folder

    <location path="Keywords">

    <system.web>

    <authorization>

    <allow roles="Keywords"/>

    <deny users="*" />

    </authorization>

    </system.web>

    </location>

    If any user with some other role allow to assess this URL (Keywords in this case) will be redirected to a custom- Access denied page.

    Now things working fine but when I left my application with a inactivity of 30 min I am not able to visit the "Keywords", all the time I end up with the custom- Access denied page, if I close the browser, login again it start working fine.

    Please help me in this case.

    Thanks in advance

     

    Wednesday, February 9, 2011 7:10 AM

All replies

  • User1682618242 posted

    What is your session timeout setting? You can increase it .

    See here for some explanations:

    http://justgeeks.blogspot.com/2008/07/aspnet-session-timeouts.html

    Wednesday, February 9, 2011 7:54 AM
  • User1598575720 posted

    Hi 

    Thats a ton for your relpy, I have set 

    timeout="365" in <authentication mode="Forms">  AND
    <sessionState mode="InProc" cookieless="false" timeout="30"
    />

    now the issue is after session timeout user redirects  to the login page and after providing credientials the user is not able to access the path I have specified in <Location> tag inside web.config

    if I set
    <deny users="*" />
    as
    <deny users="?" />

    it works fine. i.e. login in same IE will allow me to asses my pages. 

     

     

     

     

     

    Wednesday, February 9, 2011 8:38 AM
  • User1682618242 posted

    <deny users="*" />
     

    means no one will acces this location

    <deny users="?" />

     means that unauthenticated users will not have access. Authenticated users only location.

    Wednesday, February 9, 2011 8:44 AM
  • User1598575720 posted

    I have below tags in webconfig

     

     

     

     

     

     

     

    <location path="Rules/RegisterSQLQuery.aspx">
      <
    system.web>
         <
    authorization>
          <
    allow roles="Settings" />
          <
    deny users="*" />
        </
    authorization>
      </
    system.web>
    </
    location>

    for each folders/pages in my website to allow access to user having role specified in
    <allow roles="Settings" />

    Now things work fine, but when session timeouts, user redirectes to login page and after providing correct credentials if she tries to access pages inside folder say [RegisterSQLQuery.aspx] in this case,  will redirects to custom access design page.

     

    Wednesday, February 9, 2011 8:53 AM