>Hi BOb,
>
>ASP.NET Mobile applications work the same as ASP.NET applications for authentication. I would recommend using Forms authentication for your scenario. To answer your question:
First I went huh?, then I realized I posted this in the wrong Category, it is a regular ASP.Net ap I am taling about. Perhaps a sysop could move this thread. We are using Forms authentication.
>>1. How do I set the session time out.
>In the web.config file, you will find the element
. Inside that element, you will find a setting for "timeout". Set that to however many minutes you need.
Ah, I figured that, but didn't see it. I will look again.
>>2. How do I log someone out (deauthnticate them)?
>To destroy the users authentication cookie and redirect them to the login page, do the following:
>
>
>Sub DoSignOut(objSender As Object, objArgs As EventArgs)
>' Destry the users authentication cookie
>FormsAuthentication.SignOut()
Ok, this must be the piece I was missing. If I do this, do I still need to do Session.Abandon() ?
>>3. Can I deauthenticate someone automatically when the session times out?
>This should already be happening.
Ok, I didn't know if I had to do something in Global.asax. I didn't actually test this, I just assumed due to my other problem that just cause the session ended didn't mean they were no longer authenticated.
Thanks Cathi,
BOb