I have been developing my site for a while and it turns out I had quite the wrong Idea about how this all works. I have a login control on my login page that takes a username and password. It's then compared against the database to validate (I don't use any of the Membership or Roles from ASP.Net btw, and I'm too far into it now to change my DB structure). If the check returns true it also returns a custom MySiteUser object which is basically just strings containing some other contact details and so forth.
Now, what I've been doing is doing this when the checking method returns:
Session.Timeout = 5;
string uName = MySiteUserInstance.First.Trim() + " " + MySiteUserInstance.Last.Trim();
So I've been doing some reading on the pipeline and how it all works rather than just how to create pages, and I've found out that the Session object and FormsAuthentication object aren't actually linked! So even though my Session is timed out they can just type an "authentication required" URL into the address bar and
View Complete Post