How auto log out after 30 min inactivity?

Re: How auto log out after 30 min inactivity?

Since you're using forms authentication, modify the forms authentication timeout :

<forms name=".ASPXAUTH " loginUrl="login .aspx" protection="All " timeout="30" path="/"
requireSSL="fal se" slidingExpirati on="true">



Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
=============== =============== ========

"Cirene" <cirene@nowhere .comwrote in message news:eEXlA3%23z IHA.3496@TK2MSF TNGP03.phx.gbl. ..

Re: How auto log out after 30 min inactivity?

Thanks. I assume this is in the web.config file, correc?

Do I put that statement under here?
<authenticati on mode="Forms"/>


"Juan T. Llibre" <nomailreplies@ nowhere.comwrot e in message
news:%238c5Aq$z IHA.2384@TK2MSF TNGP02.phx.gbl. ..

Re: How auto log out after 30 min inactivity?

re:
!Thanks. I assume this is in the web.config file, correct?

Correct.

re:
!Do I put that statement under here?
!<authenticatio n mode="Forms"/>

Yes. See a complete example here :




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
=============== =============== ========
"Cirene" <cirene@nowhere .comwrote in message news:OglMHw$zIH A.1240@TK2MSFTN GP02.phx.gbl...

Re: How auto log out after 30 min inactivity?

Cirene explained on 16-6-2008 :If you (also) want to redirect the user automatically to some "you are
logged out" page, you will need a client-side javascript timer to load
a different page, *after* the timeout should have happened (else the
user has been "active" again). A server-side timeout can not push an
other page to the browser.

By the way, you probably also want to set the Session timeout to 30
minutes (it has a default of 20) - else the user is still logged in but
his session has expired!

Hans Kesting

Re: How auto log out after 30 min inactivity?

re:
!By the way, you probably also want to set the Session timeout to 30 minutes
!(it has a default of 20) - else the user is still logged in but his session has expired!

Only if the session object is being used, right ?

It seems like needless overkill to also use the session object to store user properties/preferences
when Membership is capable of storing the very same information and the storage/retrieval
for the Membership process is easier, and less expensive on resources, than the session object.

Most programmers use *either* Membership or Sessions, not both in the same application.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
=============== =============== ========
"Hans Kesting" <news.hansdk@sp amgourmet.comwr ote in message news:e$$sYPF0IH A.3968@TK2MSFTN GP04.phx.gbl...

Re: How auto log out after 30 min inactivity?

What Juan has suggested handles the backend. You may also want to consider
adding something that kicks the user to the login page after the session is
gone (or actually just before, as the timeout is not guaranteed 100%).

To do that you can use a meta-refresh tag on every page for 30 minutes. Kick
the user to a logout page that does the following:

1. Kicks off membership
2. Abandons session

#1 should be accomplished by #2, but you can code both for safety. Then have
that page forward a person to the login page.

Setting the config will lose the session, etc., but if a person is in the
middle of a form, he will not find out until he hits the submit button.

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog


or just read it:


*************** *************** *************** ****
| Think outside the box!
|
*************** *************** *************** ****
"Cirene" <cirene@nowhere .comwrote in message
news:eEXlA3%23z IHA.3496@TK2MSF TNGP03.phx.gbl. ..