Disconnect user when ASP.NET MVC session expires

In ASP.NET MVC, in one of the WCF services, I put an object in an HttpContext.Current.Session object.

When the session ends and the session is cleared of all objects, I want the user to disconnect but couldn't find a way.

In Global.asax

when the Session_end method is called a Response object and HttpContext.Current is both.

Any ideas on how to disable the user would be greatly appreciated.

+3




4 answers


When the session ends, the user no longer exists. If what you are trying to do is clear open browser windows, then you will need to implement a timer based on the time remaining before the session expires.

SignIn and signout are related to adding or removing cookies or tokens for authentication with an external service. The call you are seeing should be in the login controller and should not be moved to global.asax.



No further action is required.

+2




I consider it a bad practice to try to synchronize session and authentication cookies. Session and cookie are different things. You can log in with multiple users in the same session period. You start a new session when you open some URL, and it ends when you close the window or it expires on the server side. For more information on cookie bindings for session authentication please read the following answer: asp.net cookie, authentication and session timeouts



Anyway, if you want to do this, you can use one little trick. You should periodically make an ajax call to the server, for example, call YourWebsite.com/checksession every n seconds. There you need to check for the existence of a session variable. If it no longer exists, simply call FormsAuthentication.SignOut(), refresh the page and the user will be logged out.

+1




I am not sure about your WCF implementation as I am not knowledgeable about WCF. I am currently creating a large scholarship app and we want to restrict logins to one login per user. I have a table setup to keep track of the User ID and GUID that I store in my Auth Cookie. You can use the session ID instead. I will cache the table and update the cache whenever a record is added or removed. I use SignalR (you can get a NuGet package) to keep in touch with each of our clients. When they close their browser, SignalR can immediately report that the user has left, and I can finish writing them from the session tracking table. In your case, you can kill the session. Also, if the user tries to log in again, I can see that they are already logged in. Then I will kill their original session and allow them to log in.

It took a few hours to get used to using SignalR and I highly recommend the Pluralsight video.

+1




Set both timeouts in the following configuration to the exact number of minutes. Make sure slidingExpiration is set to true, so that authentication will continue for up to 30 minutes after each request, the same as the session continues to expand after each request.

<authentication mode="Forms">
  <forms loginUrl="~/Auth/SignOn.aspx" timeout="30" slidingExpiration="true" />
</authentication>

<sessionState timeout="30" />

      

+1
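
The timer suggested in the first answer, sized to the 30-minute timeout in the configuration above, as an added example that is not part of the original answers. The function name, the 60-second warning and the /Auth/SignOut route are assumptions; it counts down locally instead of polling, because a request that carries the cookies can itself extend the sliding expiration being measured.

```javascript
// Added example: client-side session-expiry timer (all names are hypothetical).
// SESSION_TIMEOUT_MIN mirrors <sessionState timeout="30" /> from the page.
const SESSION_TIMEOUT_MIN = 30;

function createExpiryWatcher({ timeoutMinutes, warnSeconds, now, onWarn, onExpire }) {
  const timeoutMs = timeoutMinutes * 60 * 1000;
  let deadline = now() + timeoutMs;
  let state = 'active'; // active -> warned -> expired

  return {
    // Call after every request that reaches the server (page load, ajax reply).
    // Only those slide the server-side timeout; mouse and key activity do not.
    serverTouched() {
      if (state === 'expired') return; // stay expired until the page reloads
      deadline = now() + timeoutMs;
      state = 'active';
    },
    // Call from a local timer. It makes no network request, so it never
    // extends the expiration it is measuring.
    tick() {
      const remaining = deadline - now();
      if (remaining <= 0 && state !== 'expired') {
        state = 'expired';
        onExpire();
      } else if (remaining > 0 && remaining <= warnSeconds * 1000 && state === 'active') {
        state = 'warned';
        onWarn(Math.ceil(remaining / 1000));
      }
      return state;
    },
    remainingMs() { return Math.max(0, deadline - now()); }
  };
}

// Browser wiring (skipped outside a browser). "/Auth/SignOut" is an assumed
// route whose action would call FormsAuthentication.SignOut().
if (typeof window !== 'undefined') {
  const watcher = createExpiryWatcher({
    timeoutMinutes: SESSION_TIMEOUT_MIN,
    warnSeconds: 60,
    now: () => Date.now(),
    onWarn: (s) => console.warn(`Session expires in ${s}s`),
    onExpire: () => { window.location.href = '/Auth/SignOut'; }
  });
  window.setInterval(() => watcher.tick(), 1000);
}
```

The browser clock only approximates the server's, so the server-side timeout remains the authority; the timer just moves an idle page to the sign-out route at about the right moment.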

