The
timeout
attribute at
sessionState
element in
web.config
lets you configure the session timeout.
However, if you want to be redirected to the Login page once the session is invalidated (Session is time out), you have to implement the following logic:
1. After login, put the
userName
(Or any unique value which identify the user) in the session using a key. Say,
Session["USER"] = userName;
2. At
Page_Load()
method of each page (Or, in the base page which is inherited by all other pages), check whether the
userName
is available in the Session, and, redirect to login page if the
userName
is not found. Say,
string userName = Session["USER"] as string;
if(string.isNullOrEmpty(userName))
{
Response.Redirect("Login.aspx");
}
However, if you use
Forms Authentication
, you just need to make sure that, the
timeout
value of the
sessionState
element and
timeout
value of
forms
element is same. The
Forms Authentication
system will automatically redirect you to the login page (Assuming that,
Forms Authentication
is correctly configured in
web.config
)
See
http://support.microsoft.com/kb/301240[
^] to learn how to configure
Forms Authentication
in your Asp.net application.