Results 1 to 6 of 6

Thread: Web.config and timeout

  1. #1

    Thread Starter
    Frenzied Member
    Join Date
    Jan 2001
    Location
    Denmark
    Posts
    1,049

    Question Web.config and timeout

    I have set a timeout in my web.config to 20 min. I wish that the user is redirected to the login-page (login1.aspx) when timing out. But this doesn't happen applying the web.config file shown below. What is wrong?

    Code:
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        
      <system.web>
    	
    	<pages smartNavigation="true" />
    
        <!--  DYNAMIC DEBUG COMPILATION
              Set compilation debug="true" to insert debugging symbols (.pdb information)
              into the compiled page. Because this creates a larger file that executes
              more slowly, you should set this value to true only when debugging and to
              false at all other times. For more information, refer to the documentation about
              debugging ASP.NET files.
        -->
        <compilation defaultLanguage="vb" debug="true" />
    
        <!--  CUSTOM ERROR MESSAGES
              Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable. 
              Add <error> tags for each of the errors you want to handle.
        -->
        <customErrors mode="Off" />
    
        <!--  AUTHENTICATION 
              This section sets the authentication policies of the application. Possible modes are "Windows", 
              "Forms", "Passport" and "None"
        -->
        <authentication mode="Forms"> 
    		<forms name=".hpl" loginUrl="login1.aspx" protection="All" timeout="20" />
    	</authentication>
        
        <!--  AUTHORIZATION 
              This section sets the authorization policies of the application. You can allow or deny access
              to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous 
              (unauthenticated) users.
        -->
        <authorization>
            <allow users="?" /> <!-- Allow all users -->
    
                <!--  <allow     users="[comma separated list of users]"
                                 roles="[comma separated list of roles]"/>
                      <deny      users="[comma separated list of users]"
                                 roles="[comma separated list of roles]"/>
                -->
        </authorization>
    
        <!--  APPLICATION-LEVEL TRACE LOGGING
              Application-level tracing enables trace log output for every page within an application. 
              Set trace enabled="true" to enable application trace logging.  If pageOutput="true", the
              trace information will be displayed at the bottom of each page.  Otherwise, you can view the 
              application trace log by browsing the "trace.axd" page from your web application
              root. 
        -->
        <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />
    
    
        <!--  SESSION STATE SETTINGS
              By default ASP.NET uses cookies to identify which requests belong to a particular session. 
              If cookies are not available, a session can be tracked by adding a session identifier to the URL. 
              To disable cookies, set sessionState cookieless="true".
        -->
        <sessionState 
                mode="InProc"
                stateConnectionString="tcpip=127.0.0.1:42424"
                sqlConnectionString="data source=127.0.0.1;user id=sa;password="
                cookieless="false" 
                timeout="20" 
        />
    
        <!--  GLOBALIZATION
              This section sets the globalization settings of the application. 
        -->
        <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
       
      </system.web>
    
    </configuration>

  2. #2

    Thread Starter
    Frenzied Member
    Join Date
    Jan 2001
    Location
    Denmark
    Posts
    1,049

    SOLVED

    I forgot to import system.web.security on all pages

  3. #3
    I wonder how many charact
    Join Date
    Feb 2001
    Location
    Savage, MN, USA
    Posts
    3,704
    ??

    How does importing Web.Security handle this?

  4. #4
    Fanatic Member venerable bede's Avatar
    Join Date
    Sep 2002
    Location
    The mystic land of Geordies
    Posts
    1,018
    Yeah. How does that work for you ?

  5. #5

    Thread Starter
    Frenzied Member
    Join Date
    Jan 2001
    Location
    Denmark
    Posts
    1,049
    in the .vb file you include this:
    Imports System.Web.Security

    And I have used these tags in the web-config file:
    Code:
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        
      <system.web>
    	
    	<!--<pages smartNavigation="true" />-->
    
        <!--  DYNAMIC DEBUG COMPILATION
              Set compilation debug="true" to insert debugging symbols (.pdb information)
              into the compiled page. Because this creates a larger file that executes
              more slowly, you should set this value to true only when debugging and to
              false at all other times. For more information, refer to the documentation about
              debugging ASP.NET files.
        -->
        <compilation defaultLanguage="vb" debug="true" />
    
        <!--  CUSTOM ERROR MESSAGES
              Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable. 
              Add <error> tags for each of the errors you want to handle.
        -->
        <customErrors defaultRedirect = "CustomErrors.aspx" mode = "RemoteOnly" />
    
        <!--  AUTHENTICATION 
              This section sets the authentication policies of the application. Possible modes are "Windows", 
              "Forms", "Passport" and "None"
        -->
        <authentication mode="Forms"> 
    		<forms name=".hpl" loginUrl="login.aspx" protection="All" timeout="20" />
    	</authentication>
        
        <!--  AUTHORIZATION 
              This section sets the authorization policies of the application. You can allow or deny access
              to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous 
              (unauthenticated) users.
        -->
        <authorization>
            <deny users="?" /> <!-- Allow all users -->
    
                <!--  <allow     users="[comma separated list of users]"
                                 roles="[comma separated list of roles]"/>
                      <deny      users="[comma separated list of users]"
                                 roles="[comma separated list of roles]"/>
                -->
        </authorization>
    
        <!--  APPLICATION-LEVEL TRACE LOGGING
              Application-level tracing enables trace log output for every page within an application. 
              Set trace enabled="true" to enable application trace logging.  If pageOutput="true", the
              trace information will be displayed at the bottom of each page.  Otherwise, you can view the 
              application trace log by browsing the "trace.axd" page from your web application
              root. 
        -->
        <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />
    
    
        <!--  SESSION STATE SETTINGS
              By default ASP.NET uses cookies to identify which requests belong to a particular session. 
              If cookies are not available, a session can be tracked by adding a session identifier to the URL. 
              To disable cookies, set sessionState cookieless="true".
        -->
        <sessionState 
                mode="InProc"
                stateConnectionString="tcpip=127.0.0.1:42424"
                sqlConnectionString="data source=127.0.0.1;user id=sa;password="
                cookieless="false" 
                timeout="20" 
        />
    
        <!--  GLOBALIZATION
              This section sets the globalization settings of the application. 
        -->
        <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
       
      </system.web>
    
    </configuration>

  6. #6
    I wonder how many charact
    Join Date
    Feb 2001
    Location
    Savage, MN, USA
    Posts
    3,704
    mmm... Importing System.Security just tells the compiler to make that class reference available to your page.

    It (the reference) isn't necessary to redirect a user to the login page when they timeout, because it doesn't accomplish anything.
    The web.config for that application accomplishes redirection if the session times out.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width