Hi BOb,
ASP.NET Mobile applications work the same as ASP.NET applications for authentication. I would recommend using Forms authentication for your scenario. To answer your question:
>1. How do I set the session time out.
In the web.config file, you will find the element
. Inside that element, you will find a setting for "timeout". Set that to however many minutes you need.
>2. How do I log someone out (deauthnticate them)?
To destroy the users authentication cookie and redirect them to the login page, do the following:Sub DoSignOut(objSender As Object, objArgs As EventArgs)
FormsAuthentication.SignOut()
Response.Clear()
Response.Redirect(Request.UrlReferrer.ToString())
End Sub
>3. Can I deauthenticate someone automatically when the session times out?
This should already be happening.
>Hey all, three questions.
>
>1. How do I set the session time out.
>
>2. How do I log someone out (deauthnticate them)?
>
>3. Can I deauthenticate someone automatically when the session times out?
>
>The scenerio is...
>
>1 Unauthenticated user Hits web site
>2 User is redirected to Logon Page
>3 If logon it good session is created
>4 User logs off, in the loggof I am doing Session.Abandon() but user is still authenticated and can go to history or press back and gets an error since the session is closed. I want him to be redirected to login again. I assume there is a command I can use to 'deathenticated him' after stopping the session?
>
>Thanks,
>BOb
-----------------------------------------
Cathi Gero, CPA
Prenia Software & Consulting Services
Microsoft C# / .NET MVP
Mere Mortals for .NET MVP
cgero@prenia.comwww.prenia.comWeblog: blogs.prenia.com/cathi