Click here to Skip to main content
14,699,489 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I need to intercept a web forms timeout event to trigger my own code.
How to do this?

What I have tried:

I have a website using Forms Authentication for user logins.
This is all working nicely but I want to include the ability to reject a logon if a user is already logged in. ie reject concurrent logons from 2 PC's.

To do this I have appended a 'LoggedIn' column to the SQL aspnet_Users table.
The asp:Login's 'LoginUser_LoggedIn' event writes a 1 to the LoggedIn column and further login attempts check this value before allowing access.

When the user logs off, the asp:LoginView's 'HeadLoginStatus_LoggedOut' event writes a 0 to the table to reverse the login.

As I said this is all working fine.

The problem I have is that when the forms automatic timeout is triggered, obviously the table is not updated to reflect the logout. I need to intercept the forms timeout event so as to update the users table.
How?


Here's the Forms code from the web.config file
<authentication mode="Forms">      
      <forms name=".ASPXAUTH" loginUrl="~/Account/Login.aspx" protection="All" timeout="240" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="Default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" />
</authentication>
Posted
Updated 12-Nov-19 23:12pm
v4

What you want to do is to utilize the Session End event to update our SQL table

Session_Start and Session_End | The ASP.NET Forums[^]
   
Comments
Member 11709930 12-Nov-19 18:40pm
   
Thanks but I'm after the Forms Timeout which logs off the user.
Session timeout is somewhat different.
MadMyche 13-Nov-19 7:57am
   
I understand that; the only problem is there really is no documentation for a "Forms Timeout Event".
What you can do is utilize the SessionID along with the Token to set/reset your LoggedIn status.

Most likely you will need to do this within an HttpModule, which has events for AuthenticateRequest and AuthorizeRequest; and if the SessionID-Token pair is "broken" then you kill the login.

IF I have some spare time today, I will see if I can find some info or code... just consider this a starting point
Member 11709930 13-Nov-19 15:01pm
   
Appreciate your help MadMyche as I'm way out of my experience depth with this.
   
Comments
Member 11709930 13-Nov-19 14:35pm
   
I agree with that up to a point.
In my case, I am restricting users so as to avoid having to buy a large number of SQL CAL's.
F-ES Sitecore 14-Nov-19 4:39am
   
In a web server there is only one thing accessing SQL and that is the web server, no matter how many users you have. I don't know a lot about licensing but it seems to me your actual issue is getting the right\appropriate license. I believe there are web specific licenses for SQL Server. In addition to all of that, being logged in or not does not define access. You're still a "client" if you are not logged in.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900