Search code examples
asp.netforms-authenticationlogin-control

Asp.net login control Autologout/AutoRedirect and label Value

I have setup an asp.net login control (the provided control from asp.net configuration) and it's working fine.

I have added code to the web.config, so that after 3 min, it automatically logs out the user.

<authentication mode="Forms">
  <!-- Autologout after xxx min. to login.aspx -->
  <forms loginUrl="~/login.aspx" defaultUrl="~/login.aspx" slidingExpiration="true" timeout="3"/>
</authentication>

If using that code, then I get the autologout and if clicking on a link after 3 min then I get to the login page.

How does this work? Is it 3 min from login or is it after 3 min of inactivity !?

Also, can I add a label on my login page and then it will tell the user why he/she is redirected to the login page, if YES how ?

And lastly: how can i get it to redirect the user to the login page after 3 min. so it's not after 3 min. and then when the user clicks a link, but so it's after 3 min, refresh (if inactivity) and then automatically jump to the login page and show my label with text, explaining why he/she is not logged in !??

............................................................................................................................................................................

I cant get it to work if we look at the no. 2 solution.

On my main page (code_behind) i have this in page_load Session("logintime") = DateTime.Now.ToString() with a response write i get this on main page 01-10-2012 18:30:42, now its 18:37:25 and it haven't redirect yet, and i haven't made activity in the prowser window at all.

My code for the main page is.

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="default.aspx.vb" Inherits="_default" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
<script type="text/javascript">
var count = 30000
var timeLoggedIn = new Date('<%=Session("logintime")%>')
var timeLogOut = new Date('<%=Session("logoutTime") %>');

setTimeout(LoggedInCheck(), 30000);

function LoggedInCheck() {
    var now = new Date();
    var now_utc = new Date(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate(), now.getUTCHours(), now.getUTCMinutes(), now.getUTCSeconds());
    if (now_utc > timeLogOut) {
        window.location = "http://www.google.dk";
    }
}

function countDown() {
    if (count <= 0) {
       // window.location = redirect;
    } else {
        count--;
        document.getElementById("timer").innerHTML = "This page will redirect in " + count + " seconds."
        setTimeout("countDown()", 1000)
    }
}
</script>
</head>
<body>
<form id="form1" runat="server">
<div>
<span id="timer">  
<script>
countDown();
</script>  
</span> 
</div>
</form>
</body>
</html>

Code_behind

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

    If Not IsPostBack Then
        Session("logintime") = DateTime.Now.ToUniversalTime().ToString("MM/dd/yyyy hh:mm:ss")
        Session("logoutTime") = DateTime.Now.ToUniversalTime().AddMinutes(3).ToString("MM/dd/yyyy hh:mm:ss")

        Response.Write("time now: " & Session("logintime"))
        Response.Write("<br />")
        Response.Write("reload at time: " & Session("logoutTime"))
    End If

End Sub
Solution

  • This is the solution.

    In web.config add.

    <sessionState timeout="3"></sessionState>

    remember its working in min.

    On the page u need to test for the autologout use this in code_behind, to start the javascript.

    Partial Class _default
Inherits System.Web.UI.Page

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

    If Not IsPostBack Then
        Page.ClientScript.RegisterStartupScript(Me.[GetType](), "onLoad", "DisplaySessionTimeout()", True)
        Response.Write(Session.Timeout)
    End If

End Sub

End Class

    U dont need the response.write its just for testing that it get the right session.timeout from web.config in min.

    On ur main page use this code, (u dont need the counter her, its just for testing so u know when its redirecting u)

    <!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
<script type="text/javascript">
    var sessionTimeout = "<%= Session.Timeout %>";
    var count = 60 * sessionTimeout
    function DisplaySessionTimeout() {
        setTimeout("location.href='http://www.google.com';", 60000 * sessionTimeout);
    }

    function countDown() {
        count--;
        document.getElementById("timer").innerHTML = "This page will redirect in " + count + " seconds."
        setTimeout("countDown()", 1000)
    }
</script>
</head>
<body>
<form id="form1" runat="server">
<div>
<span id="timer">  
<script>
countDown();
</script>  
</span> 
</div>
</form>
</body>
</html>

    Here its taking the session.timeout and * it with 60000 mili. sec. so it after 3 min. will redirect to the login page or in this case google.

    I havent got the time to test it with a gridview to see if its reset the counter, when the session.timeout is reset bc of activity, so u need to test that, but here is a working code.