I have an application using forms authentication. When the Session times out, it just clears all the session variables and does not force the user to log back in. Now the user is essentially logged in without any credentials. What is causing the forms authentication to not force the user to log in?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Forms Authentication Error
- Thread starter schwarem
- Start date
the redirect should be set in the web.config i thot.
and a deny unknown users
are you sure you are setup right in the config?
and a deny unknown users
are you sure you are setup right in the config?
Code:
<authentication mode="Forms">
<forms protection="All" timeout="90" slidingExpiration="true" loginURL="login.aspx">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>- Thread starter
- #4
Here is the section of the web.config file I have.
The session ends properly. It loses the session variables, but it does not force the user to log back in.
Code:
<authentication mode="Forms">
<forms name=".DOCAPP" loginUrl="login.aspx" slidingExpiration="true" protection="All" path="/" timeout="30"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>The session ends properly. It loses the session variables, but it does not force the user to log back in.
- Status