Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I stop ASP.net forms authentication / session from renewing in setInterval ajax web service call?

Tags:

javascript

asp.net

web-services

forms-authentication

session-timeout

I have a control that i've written that has a javascript component and a web service component. The problem i'm having is that the javascript is set to do:

setInterval(this._checkAlertsHandler, this._messageCheckInterval * 1000);

This calls a function which makes a webservice call like so:

Alert.SiteAlertService.GetAlerts(this._receivedAlertsHandler, this._errorReceivedAlertsHandler);

So this is using the web service javascript proxy methods to access the web service. The issue is that our application has forms authentication and a timeout value, so if the user is idle for too long it will log them out.

My webservice call apparently sends the cookie which includes the session and the forms authentication key to the web service. The asp.net webservice then automatically renews the session AND the forms authentication. Everytime the javascript hits the web service it basically keeps the user alive. I do not want this behavior, this should just circumvent that, so that even though this js is hitting the web service to check for new messages, if the user hasn't done a postback on our application (and is effectively idle) it will still log them out. This isn't happening :(

What i would like to happen is this interval call to the web service does not renew any authentication (the session renewal i can get around by using an application level variable with dictionary key/value for the users session id, so i dont have to use any session level variables).

How do i do this / change my web service / or control to work like the way i want it?

like image 796
lslow00 Avatar asked Jun 23 '10 14:06

lslow00

1 Answers

I'm working on different approaches to this as well. One way I'm doing it is by adding this to the Ajax service endpoint:

// Hide the cookie so this call doesn't extend the user's ticket
HttpContext ctx = HttpContext.Current;
ctx.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);

This way you can negate an Auth Ticket renewal, sine the updated cookie will never make it back to the client.

If you have multiple Ajax endpoints that you want to exclude, a module can be implemented to identify those endpoints and include the code to remove the cookie from the response.

like image 59
RyanW Avatar answered Oct 13 '22 00:10

RyanW
Sign in to Comment

Related questions

AuthenticationManager.SignIn() isn't present in AuthenticationManager class
Stream a multi-GB file to AWS S3 from ASP.NET Core Web API
How to design tiers of ASP.NET MVC web application if it is to be hosted in DMZ with no direct access to database (tcp port 1433 blocked by firewall)?
InvalidOperationException: No authentication handler is registered for the scheme Bearer.
Do Entity Framework async methods consume ThreadPool threads?
ASP.NET Core 3.1 Web Api authorization on model property level
Enabling Auditing feature in SQLServer 2005
How do I continue working on the server after returning a response with ASP.NET? (WebForms and MVC)
Basic: How is the session id created?
Splitting / Modularizing Large ASP.NET Web Application Projects
Is it possible to add a web user control to a class library?
Using JQuery as an ASP.NET embedded webresource
Advice with Dynamic Forms in ASP.NET MVC
ASP.NET Scaffolding/Templating CRUD Solutions
How many concurrent outbound HttpWebRequest calls can be made in ASP.NET / IIS7?
Which Javascript history back implementation is the best?
Creating cookieless application on development machine with asp.net
Securing Elmah RSS Feeds in ASP.NET website
Chrome Back button page refresh - ASP.net
Losing Textbox value on postback

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!