Hello I have 2 questions. Maybe you can help to me. I'm using MVC Single Tenant App. ASPNETZERO v1.12.2.0 [20170515]
- I need to store on the session the country selected from a dropdown and filter the queries based on that session value. Is there anything wrong if I use the standard method Session["Sample"] = "xxxx" instead of trying to use the samples with Claim and the custom class to store sessions as on the samples provided on this forum? I've checked and standard session variables seems to work fine.
2)On the web config file I set the session Timeout to 2 minutes, Session.timeout is returning the value 2 as expected. but the application is not redirected to the login page. Am I missing something, do I need to create the logic to do that, according to the forum it seems that it is built in. Please advice.
Thank you
9 Answer(s)
-
0
Hi,
Nothing wrong with using ASP.NET's Session. This may be a problem only if you have a web farm instead of a single server. Even in that case, you can use a distributed session adapter.
Since we don't use ASP.NET's Session, changing it's value does not effect user login's timeout. Instead, you should set Cookie auth timeout. It's configuration is defined here: <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero/blob/dev/src/MyCompanyName.AbpZeroTemplate.Web/App_Start/Startup.cs#L40">https://github.com/aspnetzero/aspnet-ze ... tup.cs#L40</a> You can change it like:
app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), ExpireTimeSpan = TimeSpan.FromMinutes(2) }); -
0
Worked Perfect !!! Thank you. Just to bypass the issue that calling a partial view, instead of loading any new page, throws an internal error message instead of redirecting to the login page. Just added this code to the layout page to redirect the page to the logout page.
<script> var sessionTimeoutWarning = @Session.Timeout- 1; var sTimeout = parseInt(sessionTimeoutWarning) * 60 * 1000; setTimeout('SessionEnd()', sTimeout); function SessionEnd() { window.location = "/Account/Logout"; } </script> -
0
<cite>hikalkan: </cite> Hi,
Nothing wrong with using ASP.NET's Session. This may be a problem only if you have a web farm instead of a single server. Even in that case, you can use a distributed session adapter.
Since we don't use ASP.NET's Session, changing it's value does not effect user login's timeout. Instead, you should set Cookie auth timeout. It's configuration is defined here: <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero/blob/dev/src/MyCompanyName.AbpZeroTemplate.Web/App_Start/Startup.cs#L40">https://github.com/aspnetzero/aspnet-ze ... tup.cs#L40</a> You can change it like:
app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), ExpireTimeSpan = TimeSpan.FromMinutes(2) });Even if I add ExpireTimeSpan, it has no affect on user logout. I've set time span to 1 minute and even after 5 min if I navigate to some other page, it works perfectly and does not logout user. For this 5 min, I didn't do anything on website, it was idle. How can I logout a user after expiry time?
-
0
@smartlayer Are you using MPA?
-
0
Yes it is.
-
0
30 minutes is the default timespan for the cookie to be rechecked against the security stamp for the user. If you are using ASP.NET Core, then see the answer in Why doesn't cookie ExpireTimeSpan setting work?
-
0
I'm using ASPNET MVC (not core) with jQuery. Can you please help with this?
-
0
<cite>aaron: </cite> 30 minutes is the default timespan for the cookie to be rechecked against the security stamp for the user. If you are using ASP.NET Core, then see the answer in Why doesn't cookie ExpireTimeSpan setting work?
I am still stuck on this. Changing ExpireTimeSpan does not have any affect. Can you please help me resolving this issue?
-
0
Could you try this #1934@1f308749-4892-4b61-b204-1fd793637688 ?
