cclooksgood
Posts: 48
|
Posted: 11/27/2012, 3:36 PM |
|
I have created multiple projects using the Inmotion and in every one after about a half hour, I lose session... Also, the application although has lost session does not force the user to sign back in, instead it shows secure pages...
Anybody else have this problem.
|
|
|
cvboucher
Posts: 191
|
Posted: 11/28/2012, 3:15 PM |
|
Yes. The InMotion framework is using Forms Authentication. The default timeout that is put in the web.config is 43200 seconds or 12 hours. The session variable still get populated but go away after 20 minutes (set in IIS). You could change the forms authentication to 1200 seconds to keep them in sync.
My users always complained about the 20 minute timeout so I went away from session variables and only use the forms authentication. I also had to create my own role based security system that lets the users define roles and security privileges in database tables. Now I don't have to update and roll out the app every time there is a change to security.
As a work around, if you have a header include on every page, check to see if the session variables are still populated. If not, use HTTPContext.Current.User.Identity.Name to get the current login and do a database lookup to repopulate the session variables.
HTH,
Craig
|
|
|
|