0

I have a question regarding Sessions and Logins.

I currently developing a website in ASP.NET. I want the website to refresh every x seconds.

The thing is that the site uses Authentication.

So the first the user login and then the autorefresh occurs after x seconds. I am thinking of just writing a Cookie indicating that the user is logged in and setting the cookie expiration to maybe 10 minutes.

My question is when does the cookie expire? When the browser closes? Because if the it expires after then minutes while the user is logged on then this solution is not good - because the user has to login again after 10 minutes.

Might be a silly question...

Thanks guys.

user3514987
  • 210
  • 3
  • 9

2 Answers2

2

To expand on @Spikolynn answer, all you need to do is to put in your web.config:

<authentication mode="Forms">
  <forms loginUrl="/Login.aspx" timeout="2880"/>
</authentication>

that's it, now you need a function to log in:

private bool IsValid(string username, string password)
{
    bool isValid = false;
    //put some logic here
    //if user authenticate set to true

    return isValid;
}

Sign in:

if (IsValid("someUser", "SomePassword"))
{
   FormsAuthentication.SetAuthCookie(user.Username, false);
}

Sign Out:

FormsAuthentication.SignOut();

No need to reinvent the wheel, use the tools ASP.net provide

meda
  • 45,103
  • 14
  • 92
  • 122
1

If you are using Forms authentication, then cookie expiration is controlled with <authentication> tag in web.config. Forms authentication timeout vs sessionState timeout has a few more details.

Or do you really want to create your own cookie/authentication schemes?

Community
  • 1
  • 1
Spikolynn
  • 4,067
  • 2
  • 37
  • 44
  • So I should use Forms Authentication? I can set a timeout value for the session there for lets say 30 mins? So if the user closes the browser and navigates to the site again after 30 mins, it will ask the user to logon again? – user3514987 May 26 '14 at 20:25
  • 1
    Depends. It is not 100% clear to me what you are trying to achieve. What kind of authentication are you using now? Try reading the link I posted,. There's also mention of sessionState timeout and slidingExpiration which might do what you want there. – Spikolynn May 26 '14 at 20:27
  • It is just usernames and passwords stored in a database. What I want to archieve is that I want to refresh a specific page every x seconds. The site uses Login. So if I refresh the site every x seconds I have to store some info indicating the user has been logged on... – user3514987 May 26 '14 at 20:29