04 Oct 2012
Link to this post
I am facing an issue with expired sessions. I already tried so many solutions I have found on internet forums but still can't redirect unauthorized access to the front end login page.
I tried changing the settings below: (forcing 2 minutes)
Sitefinity backend - Settings -> advanced -> security -> userisonlinetimewindow parameter set to 2 minutes
Web.config file: <forms timeout="2" /> and <sessionState timeout="2"/>
I log in to the application and I wait for 2+ minutes, then I click on any link at the page expecting it to go to the log in page. The session should be over and user not authenticated, but my log file says user is still authenticated, however session is gone. Once TPC understands that the user is still authenticated, it loads the page saying I haven't got permission to access it.
I already tested to see what happens in 2 different ways:
1 - If I click right away the application is going to log me back in to the application
2 - If I wait for 2+ more minutes, the application understands the sessions is really over and redirects to the login page (what is really desired!)
Login -> Wait 2+ minutes -> Click anywhere -> Application understand user is not authenticated and redirect to log in page
I’d like to know if there is a configuration in Sitefinity or TPC to redirect to login page when user is unauthorized and tick green all these conditions above.