> Hi All,
>
> I am developing using ASP.NET using VB on .NET framework 1.1.
>
> I have an application that uses forms based authentication. When the
> session times out and sends the user back to the login page, I see
> that it populates a return_url value and adds it to the url. Such that
> when the user then authenticates, the
> FormsAuthentication.RedirectFromLoginPage then uses the return_url to
> return the user back to the page they were on when the session
> expired. All well and good, but, some of my pages rely on the previous
> content of the session variables to be able to populate the page they
> were previously on.
>
> Is there any way of preventing the redirect to the return_url, eg by
> using something instead of FormsAuthentication.RedirectFromLoginPage,
> that only ever takes the user to the mainmenu page? Or, do I need to
> add checking for the existence of the required session values on each
> page (rather painful if I do have to).
>
> Please be gentle, I am not very experienced with ASP.NET as you may
> see by
> my question.
> Thanks in advance
> Janette

> RedirectFromLoginPage simply call 2 APIs that you can call yourself,
> 1. FormsAuthentication.SetAuthCookie to set the ticket
> 2. Response.Redirect(FormsAuthentication.GetRedirectUrl(..))
>
> 2 does the redirect and you can do it yourself.
>
>> Hi All,
>>
>> I am developing using ASP.NET using VB on .NET framework 1.1.
>>
>> I have an application that uses forms based authentication. When the
>> session times out and sends the user back to the login page, I see
>> that it populates a return_url value and adds it to the url. Such that
>> when the user then authenticates, the
>> FormsAuthentication.RedirectFromLoginPage then uses the return_url to
>> return the user back to the page they were on when the session
>> expired. All well and good, but, some of my pages rely on the previous
>> content of the session variables to be able to populate the page they
>> were previously on.
>>
>> Is there any way of preventing the redirect to the return_url, eg by
>> using something instead of FormsAuthentication.RedirectFromLoginPage,
>> that only ever takes the user to the mainmenu page? Or, do I need to
>> add checking for the existence of the required session values on each
>> page (rather painful if I do have to).
>>
>> Please be gentle, I am not very experienced with ASP.NET as you may
>> see by
>> my question.
>> Thanks in advance
>> Janette
>
>

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:%23bpq1vppGHA.3288@TK2MSFTNGP03.phx.gbl...
> In addition, don't confuse forms authentication timeout with session state
> timeout. They are tied to different cookies and can have different
> values. For example, your session state can time out before your forms
> auth and vice versa.
>
> I'd suggest doing a check in your page load to verify that values you
> expect to be in session are present and redirect to a "safe" page such as
> the home page for the app if they are not. This way, the session state
> validation is not tied to any specific authentication mechanism.
>
> Ditching session state where possible is also a good idea. :) Perhaps
> you could put this state in a query string or cookie instead. If the data
> is just cached for performance reasons, use the cache object instead.
>
> Joe K.
>
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services
> Programming"
> http://www.directoryprogramming.net
> --
> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in
> message news:4580be6343708c874711eb6f3b9@news.microsoft.com...
>> RedirectFromLoginPage simply call 2 APIs that you can call yourself,
>> 1. FormsAuthentication.SetAuthCookie to set the ticket
>> 2. Response.Redirect(FormsAuthentication.GetRedirectUrl(..))
>>
>> 2 does the redirect and you can do it yourself.
>>
>>> Hi All,
>>>
>>> I am developing using ASP.NET using VB on .NET framework 1.1.
>>>
>>> I have an application that uses forms based authentication. When the
>>> session times out and sends the user back to the login page, I see
>>> that it populates a return_url value and adds it to the url. Such that
>>> when the user then authenticates, the
>>> FormsAuthentication.RedirectFromLoginPage then uses the return_url to
>>> return the user back to the page they were on when the session
>>> expired. All well and good, but, some of my pages rely on the previous
>>> content of the session variables to be able to populate the page they
>>> were previously on.
>>>
>>> Is there any way of preventing the redirect to the return_url, eg by
>>> using something instead of FormsAuthentication.RedirectFromLoginPage,
>>> that only ever takes the user to the mainmenu page? Or, do I need to
>>> add checking for the existence of the required session values on each
>>> page (rather painful if I do have to).
>>>
>>> Please be gentle, I am not very experienced with ASP.NET as you may
>>> see by
>>> my question.
>>> Thanks in advance
>>> Janette
>>
>>
>
>