Login page with automatic logout with sessions in ASP.NET

Question

1.00/5 (1 vote)

See more:

C#

<pre>


My web.config

 <system.web>
   
	  <authentication mode="Forms">
		  <forms loginUrl="Login.aspx" ></forms>
	  </authentication>
	  <sessionState  timeout="1" ></sessionState>

  </system.web>


Global.asax

protected void Session_Start(object sender,EventArgs e)
        {
            Session["LastActivityTime"] = DateTime.Now;
        }
        protected void Session_End(object sender,EventArgs e)
        {
            DateTime lastActivityTime = (DateTime)Session["LastActivityTime"];
            if (DateTime.Now - lastActivityTime > TimeSpan.FromMinutes(1))
            {
                if (HttpContext.Current != null)
                {
                    FormsAuthentication.SignOut();
                    Response.Redirect("Login.aspx");
                }
            }
        }

My Login.aspx.cs
 

    public partial class Login : System.Web.UI.Page
    {
        ExceptionManager oExceptionManager = new ExceptionManager();
        MyProjectBLL oProjectBll = new MyProjectBLL();
        
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Session["LastActivityTime"] != null)
            {
                Session["LastActivityTime"] = DateTime.Now;
            }
        }

        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            DataTable dt = new DataTable();          
            try
            {
                dt = oProjectBll.GetCredentials();
                if (dt.Rows.Count > 0)
                {
                    foreach (DataRow dataRow in dt.Rows)
                    {
                        string storedUsername = dataRow["USERNAME"].ToString();
                        string storedPassword = dataRow["PASSWORD"].ToString();
                        if (storedUsername == txtName.Text && storedPassword == txtPwd.Text)
                        {                           
                            Response.Redirect("~/CommonControls/MasterPageWebForm.aspx");
                        }
                    }
                }
            }
            catch(Exception ex)
            {
                oExceptionManager.LogError(ex.Message, "Inside btnSubmit_Click function from Login.aspx.cs");
            }
        }
    }

What I have tried:

i was trying to do automatic logout for my web application if the user is idle or not visiting the page it will automatically redirect to login page what i have tried is above code

im getting Object reference not set to an instance of an object at   FormsAuthentication.SignOut(); pls help me to solve it

Posted 9-Oct-23 19:53pm

Jaya Prakash Sep2023

Updated 9-Oct-23 19:54pm

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Answer 1 · 2023-10-11T00:02:00

The Session_End event[^] fires when the session times out; in this case, that will be one minute after the user last made a request.

There will not be a current HttpContext, there will not be a Response to Redirect, and there will not be a current user to SignOut.

If you're getting to the FormsAuthentication.SignOut call, that suggests you're not testing the HttpContext.Current property as shown in your question.

But I suspect you're actually getting the error from a different line - the Session property looks suspicious to me. But since you haven't shown how you've declared or set it, that's just a guess.

Since the event fires when the session ends, there's absolutely no purpose in checking when the user last made a request; you already know it's at least one minute in the past.

And since you only set the LastActivityTime when the session starts, rather than when the user makes a request, your check wouldn't make sense anyway.

It seems you need to look at using sliding expiration[^] for your forms authentication. That way, the authentication ticket will expire if the user doesn't make a request at least once per minute.