ASP.NET MVC3: Request.IsAuthenticated is always "true" after a $.ajax request from the client

I am trying to check on the server whether the authentication has timed out, and then, if Request.IsAuthenticated = false, redirect the user to the LogOn page. But even after the authentication timeout has expired, it always gives me Request.IsAuthenticated = true. Only when I first run the application is everything fine: Request.IsAuthenticated = false.

I can’t check the session timeout because the main page is getting data from the server forever, and I think the session never expires.

In Web.config:

<code>
<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="1" />
</authentication>
</code>

On server:

<code>
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

public class CheckAuthorizeAndSessionAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        HttpContext ctx = HttpContext.Current;

        // check if the request carries a valid authentication ticket
        if (ctx.Request.IsAuthenticated)
        {
            // check if session is supported
            if (ctx.Session != null)
            {
                // check if a new session id was generated
                if (ctx.Session.IsNewSession)
                {
                    // If it says it is a new session, but an existing cookie exists, then it must
                    // have timed out
                    string sessionCookie = ctx.Request.Headers["Cookie"];
                    if (null != sessionCookie)
                    {
                        FormsAuthentication.SignOut();
                        //const string loginUrl = System.Web.Security.FormsAuthentication.LoginUrl;// Url.Action("LogOn", "Account");
                        //var rr = new RedirectResult(loginUrl);
                        //filterContext.Result = rr;
                        String url = FormsAuthentication.LoginUrl;
                        filterContext.Result = new RedirectResult(url);
                    }
                }
            }
        }
        else
        {
            ctx.Response.Redirect(@"~/Account/LogOn");
            //ctx.Response.StatusCode = 302;
        }

        base.OnActionExecuting(filterContext);
    }
}
</code>

On the client:

<code>
$(document).ready(function () {
    //DELETE
    $("#ModifyBlock a").live("click", function () {
        var urlForGet = '';
        var urlAction = '';
        if ($(this).attr("id") == 'Delete') {
            urlForGet = '@Url.Action("Delete", "Product")';
            urlAction = '@Url.Action("Delete", "Product", new { id = "idClient", lockType = "typeLockClient" })';
        }
        if ($(this).attr("id") == 'Edit') {
            urlForGet = '@Url.Action("Edit", "Product")';
            urlAction = '@Url.Action("Edit", "Product", new { id = "idClient", lockType = "typeLockClient" })';
        }
        if ($(this).attr("id") == 'Detail') {
            urlForGet = '@Url.Action("Detail", "Product")';
            urlAction = '@Url.Action("Detail", "Product", new { id = "idClient", lockType = "typeLockClient" })';
        }
        $.ajax({
            url: urlForGet,
            type: 'GET',
            data: { id: $(this).attr("alt"), lockType: $("#SelTypesLock").attr("value") },
            dataType: 'json',
            // misspelled option name (processData), so jQuery ignores it and
            // still serializes `data` into the query string
            proccessData: false,
            contentType: 'application/json; charset=utf-8',
            statusCode: {
                200: function (data) {
                    alert('200: Authenticated');
                },
                401: function (data) {
                    alert('401: Unauthenticated');
                },
                // for error status codes the first argument is the jqXHR object
                550: function (xhr) {
                    alert('550: Unauthenticated');
                    $("#ErrorMesage").text(xhr.responseText);
                },
                660: function (data) {
                    alert('660: Redirect to Error View');
                    window.location.href = '@Url.Action("Error", "Product")';
                }
            },
            success: function (data) {
                // substitute the placeholders in the pre-rendered action URL
                var url = urlAction;
                url = url.replace("idClient", data.Id);
                url = url.replace("typeLockClient", $("#SelTypesLock").attr("value"));
                window.location.href = url;
            },
            error: function (xmlHttpRequest, status, err) {
                $("#ErrorMesage").text(xmlHttpRequest.responseText);
            }
        });
    });
});
</code>
+4
1 answer

You probably have the sliding expiration option set to true. This means the time is measured from the last request, using the parameter in web.config.

If your parameter is 1 minute and you make Ajax calls every 30 seconds, you will never be authenticated. Try disabling sliding expiration and it should work.

+1
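
The interaction the answer describes between the `timeout` value and sliding expiration, as an added example that is not part of the original thread. It is a simplified model, in seconds, of how a forms-authentication ticket behaves when a page keeps polling; the function name and option names are hypothetical, and the renewal rule (a new ticket once at least half the lifetime has elapsed) is modelled on `FormsAuthentication.RenewTicketIfOld`.

```javascript
// Simplified model of a forms-authentication ticket under periodic Ajax polling.
// All names here are hypothetical; times are seconds (timeout="1" is 60 s).
function simulatePolling(opts) {
  var timeoutSec = opts.timeoutSec;       // ticket lifetime from web.config
  var pollSec = opts.pollSec;             // interval between Ajax requests
  var sliding = opts.slidingExpiration;   // slidingExpiration on <forms>
  var durationSec = opts.durationSec;     // how long the page keeps polling

  var issued = 0;                         // ticket issued at login (t = 0)
  var expires = timeoutSec;
  var renewals = 0;

  for (var now = pollSec; now <= durationSec; now += pollSec) {
    if (now > expires) {
      // Ticket lapsed before this request arrived: the request is anonymous,
      // which is the only point where IsAuthenticated becomes false.
      return { expiredAt: now, renewals: renewals };
    }
    var elapsed = now - issued;
    var remaining = expires - now;
    // Sliding expiration: once at least half the lifetime has elapsed,
    // the response carries a fresh ticket and the clock starts over.
    if (sliding && remaining <= elapsed) {
      issued = now;
      expires = now + timeoutSec;
      renewals += 1;
    }
  }
  return { expiredAt: null, renewals: renewals };
}

// Constructed scenarios: 1-minute timeout, page polling for 10 minutes.
var slidingFast = simulatePolling(
  { timeoutSec: 60, pollSec: 30, slidingExpiration: true, durationSec: 600 });
var absoluteFast = simulatePolling(
  { timeoutSec: 60, pollSec: 30, slidingExpiration: false, durationSec: 600 });
var slidingSlow = simulatePolling(
  { timeoutSec: 60, pollSec: 90, slidingExpiration: true, durationSec: 600 });

console.log(slidingFast, absoluteFast, slidingSlow);
```

With polling faster than the timeout, only the non-sliding configuration ever produces an anonymous request, so an idle timeout that must survive background polling has to be tracked separately from the ticket lifetime.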