User not being logged out when session expires.. Is this Possible?

RangerGuy posted on Saturday, November 04, 2006

This is in my webconfig file I have the custom membership provider set up just like the book and it works awesome. I'm using cookieless sessions. But when the session times out.. it's just generating a new session ID.. I need the user to be logged out as well and redirected to the login page.

tetranz replied on Saturday, November 04, 2006

I haven't tried cookieless sessions but ...

Are you perhaps enabling (and checking) the "Remember Me" checkbox in the login control? If you do that then you will always be logged in as far as asp.net forms authentication is concerned. You won't have a CSLA principal after the session is renewed but that may not be immediately obvious until you try to do something using the CSLA principal. At least that was my experience.

I enhanced the code in global.asax and my principal to make Remember Me work properly. You need the principal to be able to login again using only the user id from the current HttpContext and no password which is a bit scary but hopefully okay if done carefully.

Cheers
Ross