I have a simple ASP.NET 4 site. I use forms authentication. I have a session timeout set to 20 minutes. Also, when the user authenticates, I set the AuthenticationTicket to expire after 20 minutes. So everything is working fine. If there is no more than 20 minutes of inactivity, and the user requests a page on the site, they are redirected back to the login page, as I expected.
However, let's say that the user is on the page containing the form. Then they wait 25 minutes. Then they are sent to submit the form. Instead of being redirected back to the login page, the site tries to postback, and I get errors right away because there is a code in the mail that tries to get information from the session.
ASP.NET does not seem to redirect back to Login on postback if the authentication and session have expired. How can I handle this? I hope I do not need to write special code on every page.
ADDED: web.config code
<location path="ForgotLogin.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx"></forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
Corey
source
share