Hi BOb,

ASP.NET Mobile applications work the same as ASP.NET applications for authentication. I would recommend using Forms authentication for your scenario. To answer your question:

>1. How do I set the session time out.
In the web.config file, you will find the element . Inside that element, you will find a setting for "timeout". Set that to however many minutes you need.

>2. How do I log someone out (deauthnticate them)?
To destroy the users authentication cookie and redirect them to the login page, do the following:

Sub DoSignOut(objSender As Object, objArgs As EventArgs)
' Destry the users authentication cookie
FormsAuthentication.SignOut()

' Redirect then to the login page
Response.Clear()
Response.Redirect(Request.UrlReferrer.ToString())

End Sub

>3. Can I deauthenticate someone automatically when the session times out?
This should already be happening.


>Hey all, three questions.
>
>1. How do I set the session time out.
>
>2. How do I log someone out (deauthnticate them)?
>
>3. Can I deauthenticate someone automatically when the session times out?
>
>The scenerio is...
>
>1 Unauthenticated user Hits web site
>2 User is redirected to Logon Page
>3 If logon it good session is created
>4 User logs off, in the loggof I am doing Session.Abandon() but user is still authenticated and can go to history or press back and gets an error since the session is closed. I want him to be redirected to login again. I assume there is a command I can use to 'deathenticated him' after stopping the session?
>
>Thanks,
>BOb

-----------------------------------------

Cathi Gero, CPA
Prenia Software & Consulting Services
Microsoft C# / .NET MVP
Mere Mortals for .NET MVP
cgero@prenia.com
www.prenia.com
Weblog: blogs.prenia.com/cathi