FormsAuthentication and Session Timeouts
Because the FormsAuthentication and the Session cookies are not the same, it is possible that when you are accessing your application you are still logged in, but the session has expired. In this situation, perhaps the best thing to do is logout from FormsAuthentication and redirect to the same page. You can do this through a custom module. Let's see how:
public class CheckSessionModule: IHttpModule
{
public void Init(HttpApplication app)
{
ctx.Application.AcquireRequestState += this.OnAcquireRequestState;
}
public void Dispose() {}
public void OnAcquireRequestState(Object sender, EventArgs args)
{
if ((HttpContext.Current.User.Identity.IsAuthenticated == true) && (HttpContext.Current.Session.IsNewSession == true))
{
FormsAuthentication.SignOut();
HttpContext.Current.Response.Redirect(HttpContext.Current.Request.Url.ToString(), false);
HttpContext.Current.ApplicationInstance.CompleteRequest();
}
}
}