Authentication and Session

**Frinavale** · Dec 4 '09, 05:48 PM

Do your check in the Page Load event.

If session has expired then redirect the user somewhere in your Page Load event so that no event handling code will be executed (this includes more than just button click events, it will cover every type of event) .

Better yet, use forms authentication instead.
ASP.NET doesn't use Session for this. It creates a Principal object that is authenticated before your code is even executed. If the user is no longer authenticated, ASP.NET will automatically do this redirect before your code is executed, saving time and resources.

-Frinny

**semomaniz** · Dec 4 '09, 05:51 PM

i have form authentication setup, but still dont know why the buttons are firing the click event what i have is a text box which fires a text change event and updates the database but when the user leave the page up for some time and then make the change it fires the change event and makes changes to the database. I dont think this is supposed to happen when form authentication is being used. Any ideas whats causing it ?

**Frinavale** · Dec 4 '09, 05:57 PM

Are you storing the user's information in Session (old school way of authentication) ?

-Frinny

**semomaniz** · Dec 4 '09, 05:58 PM

Nope i am using Sql Membership class

**Frinavale** · Dec 4 '09, 06:00 PM

So this has nothing really to do with Session..this has to do with the authentication ticket expiring right?

(Sorry trying to understand the problem better)

-Frinny

**semomaniz** · Dec 4 '09, 06:05 PM

yes even though the user is not authenticated the text change fires instead of redirecting it to login page.

I am guessing this has to do something with the update panel since the text box is inside an update panel. This is kind of weird . I will place a criteria to check if user is authenticates on the text change event for a quick fix . But i am still wondering why the text change is being fired event thought the authentication has expired

**Frinavale** · Dec 4 '09, 06:08 PM

It shouldn't happen.

Your code should not be executed because ASP.NET should redirect your user if they are not authenticated.

The only thing that I can think of is that you haven't placed the restricted webpage into a folder that specifies that no un-authenticated user can access those resources.

Check your web.config for the folder that the page exists in. Make sure that you have restricted access to the resources within that folder correctly by denying any user that is not authenticated.

-Frinny

Authentication and Session

Authentication and Session

Comment

Comment

Comment

Comment

Comment

Comment

Comment