Click here to Skip to main content
14,662,818 members
Rate this:
Please Sign up or sign in to vote.
Hi,


I want to create an website where there will be two forms login and after login. After login , the valid user will be redirected to after login page. Now like many websites(eg. way2sms.com..) when there is no activity for more than 30 min(approx.) in after login page,any request in after login would result a redirection to login page.

I am using asp.net C# and SQL server 2005.

Please help me..

Thanks
Posted
Comments
   
It's not just redirection to a login page. After timeout, the user should be automatically logged out, which is way more important.
Anyway, what's the problem here?
—SA

Rate this:
Please Sign up or sign in to vote.

Solution 2

There is a maxim that, if you need to ask about hand-rolling your owns security, you shouldn't be writing your own security. It is much more complicated than it first appears, and it is very easy (even for an experienced hand) to introduce security holes.

I strongly suggest you take a look at http://www.asp.net/web-forms/tutorials/security[^] and videos here[^]. These tutorials give an overview, and uses security providers (pluggable components set up mostly by configuaration). They focus on the Sql providers which provides a double benefit: the pre-defined schema tables can be generated using a bundled tool[^] so you don't need to define the tables yourself, and the providers are well documented & relatively simple to use. I've found them good enough for most basic needs. This includes a time-out which can be configured to be absolute (e.g. every 30 mins) or rolling (after 30 mins of inactivity)

If you don't have an SQL Server DB, don't want one or already have a different role/auth information store you can use one of the other built in providers, or subclass them to take complete control over how the information is accessed. For example I had a scenario where we needed to have both SQL-based accounts for "web users" and internal people needing to log in with their domain credentials. I sub-classed the SQL providers and, for people using domain I checked their creds in code via Active Directory, for the Web users I just returned the results of the base class.
   
v2
Rate this:
Please Sign up or sign in to vote.

Solution 1

You must use a global variable and threading concept in a Global.asax class file so that it will count the time (tick).. and after specified amount of time user will be logged out automatically..

Click this Link for more detailed solution
   
Comments
Keith Barrow 24-Jul-13 8:03am
   
I removed my earlier comments, from your post it looked like you were suggesting a threaded timer to handle the log-out. When I looked at the link it doesn't do that, so apologies.
One thing I would say about this method is that it conflates the idea of session with the idea of authenication, these are not the same thing. The OP may have a circumstance where this doesn't matter, but then they may not. Personally I'd avoid coupling these two things together, I certainly see situations where I'd want session to end to release resources but the user to be logged in. See http://stackoverflow.com/questions/454616/asp-net-cookies-authentication-and-session-timeouts for some helpful-ish discussion
Rate this:
Please Sign up or sign in to vote.

Solution 3

You must use a global variable and threading concept in a Global.asax class file so that it will count the time (tick).. and after specified amount of time user will be logged out automatically..
   
Comments
Keith Barrow 24-Jul-13 5:25am
   
This is an almost vebatim copy of kshrao3's answer, this is why I voted 1.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100