Web Development Thread, IIS / .ASP force logout question in Coding and Web Development; I have a website created that requires users to login via their active directory account.
It seems with IE they ...
-
1st February 2009, 02:45 AM #1 IIS / .ASP force logout question
I have a website created that requires users to login via their active directory account.
It seems with IE they stay logged in until they close the browser It seems with IE they stay logged in until they close the browser . A lot of users log in from home, so Im looking for a way to force a logout the site after X mins.
I have been dabbling with cookies, but am unsure if this is the right way to do it, as they are not logging in to the actual site per se (Although I would love to add a second level of security by having a login page on the actual site - but have no idea about that now)
Is there a way in IIS to force the logout of an authenticated session after a certain amount of time?
-
-
IDG Tech News
-
1st February 2009, 07:09 AM #2 If you're just doing authentication with a normal IIS protected directory, then no you can't time it out (the browser just keeps on presenting its credentials with every page request). You need to use a cookie-based authentication that you can control a bit more. I don't know if ASP has an equivalent to PHP's sessions system, but that would be your best bet.
-
Thanks to powdarrmonkey from:
RabbieBurns (1st February 2009)
-
1st February 2009, 07:16 AM #3 It is not to difficult to set up forms based authentication with ASP there is a nice write up on cookie based stuff here with code:
ASP 101 - Articles
Heres one that uses a DB:
Simple ASP Authentication System
there is a whole list of tutorials here:
ASP User Authentication Tutorials - Tutorialized
Once you get the hang of it the session based stuff in ASP is easy to use as it does most of the work for you.
-
Thanks to SYNACK from:
RabbieBurns (1st February 2009)
-
1st February 2009, 11:42 AM #4 Thanks, Ill check those links out tomorrow and try to knock something together
-
-
2nd February 2009, 09:46 AM #5 
Originally Posted by
SYNACK 
Heres one that uses a DB:
Simple ASP Authentication System[/URL]
Once you get the hang of it the session based stuff in ASP is easy to use as it does most of the work for you.
Used this one, piece of cake to setup, and I have created a logout button as it doesn't use cookies so I don't think I can auto time it out.
Slightly off topic now, but can anyone post code I could use to somehow mangle the passwords stored in the database so they aren't plain-text?
-
-
2nd February 2009, 08:25 PM #6
Last edited by SYNACK; 2nd February 2009 at 08:27 PM.
-
-
2nd February 2009, 08:48 PM #7 thanks, ill check that out tomorrow.
I also managed to add an auto time out to the stuff I did today by adding a session expire line to the .asa
-
SHARE: 
Similar Threads
-
By Blake0 in forum Windows
Replies: 13
Last Post: 23rd September 2010, 06:31 AM
-
By FN-GM in forum Windows
Replies: 8
Last Post: 17th January 2009, 08:23 PM
-
By RabbieBurns in forum Web Development
Replies: 14
Last Post: 7th October 2008, 10:22 AM
-
By bjohnny42 in forum EduGeek.net Site Problems
Replies: 1
Last Post: 2nd May 2008, 10:53 AM
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
LinkBack URL
About LinkBacks
