Thursday, April 26, 2007

Session_End vs 'User.Identity.IsAuthenticated'

Below are a few key concepts associated with the automatic or forced Session_End event and FormsAuthentication.SignOut().

 

Facts about the automatic/forced Session_End event:

We know that changing Web.config clears the Session/Application state, and as a result the ‘Session_End’ event fires in Global.asax.

It is also possible that something goes wrong and the Session_End event fires automatically.

 

Whenever the Session_End event fires, this is what it does and does not do:

·         It clears the Session State.

·         It does not clear the ‘Authentication’, i.e. ‘User.Identity.IsAuthenticated’ will still return true. Hence the flow of control remains on the same page and the user is not redirected to the ‘Login’ page.

 

Justification:

1.       Log in through the login page.

2.       Go to the ModifyConfig.aspx page.

a.       Here, make some modification to Web.config that causes the ‘Session_End’ event to fire.

b.      Although the Session_End event fires, control remains on the same page, i.e. ModifyConfig.aspx.

c.       Now, if you click a button on this page again and it accesses ‘User.Identity.IsAuthenticated’, it will return true.

3.       Hence, if you need the user to be redirected to the ‘Login’ page once the modification to Web.config is made, do two things:

a.       Call FormsAuthentication.SignOut().

b.      Redirect to the same page. This will automatically send you to the login page.

 

 

Facts with FormsAuthentication.SignOut():

 

Whenever we call this method, this is what it does and does not do:

·         It will not fire the Session_End event.

o   Hence it will not clear the Session State, i.e. if you try to access the Session after calling this method, you will still be able to access the Session data.

o   Solution: Explicitly call Session.Abandon().

§  This will fire the Session_End event and clear the Session.

§  However, lines that access the Session just below the Session.Abandon() statement will still be able to do so.

·         It will clear the ‘Authentication’, i.e. ‘User.Identity.IsAuthenticated’ will return false.

·         It will not redirect automatically to the login page.

o   Solution: Redirect to the same page. This will automatically send you to the login page.

o   Otherwise, the user will be redirected to the login page on the next click event on the page.
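The two halves described above can be kept in step with one helper. This is an added example, not code from the original post; it assumes ASP.NET Web Forms with Forms authentication and cookie-based session state, and the class name SessionAuthSync and its method names are hypothetical.

```csharp
// Added example (not from the original post). SessionAuthSync is a
// hypothetical helper; the ASP.NET calls it makes are the framework's own.
using System.Web;
using System.Web.Security;

public static class SessionAuthSync
{
    // Call from a logout button, or after code that edits Web.config.
    public static void SignOutCompletely(HttpContext ctx)
    {
        // SignOut() expires the auth ticket cookie but leaves Session intact.
        FormsAuthentication.SignOut();

        if (ctx.Session != null)
        {
            ctx.Session.Clear();    // stored values are gone immediately
            ctx.Session.Abandon();  // session itself is destroyed at end of request
        }

        // Abandon() does not remove the session cookie; overwrite it so the
        // next request gets a fresh session ID (default cookie name assumed).
        ctx.Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));

        // The current request's principal was built before SignOut(), so
        // finish the request here and send the browser to the login page.
        FormsAuthentication.RedirectToLoginPage();
        ctx.Response.End();
    }

    // Call from Session_Start in Global.asax. A new session that arrives with
    // a valid auth ticket means the old session was lost (for example after a
    // Web.config change), so authentication is cleared to match.
    public static void OnSessionStart(HttpContext ctx)
    {
        if (ctx.Request.IsAuthenticated)
        {
            SignOutCompletely(ctx);
        }
    }
}
```

With the Session_Start hook in place, a user who returns with a still-valid persistent ticket but no session is also sent to the login page.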

 

 

 



 

Thanks & Regards,

Arun Manglick

SMTS || Microsoft Technology Practice || Bridgestone - Tyre Link || Persistent Systems || 3023-6258

 
