i have a query regarding Sessions in ASP.Net. The scenario is:
My web application is for Mobile Phone. The default session timeout is 20 minutes. There is an option of "Remember Me", on checking which, the application also stores the permanent cookie whenever user signs in.
Now the requirement is that if the user has logged in with the "Remember Me" option checked and the session has expired due to inactivity for more than 20 minutes and then he tries to do some activity, the user should not be redirected to the login page. In the sense, the process of authentication should be skipped. It should be taken care of by the application and the user should directly continue with his work. But also if the user signs out, then he should be redirected to the login page for authentication.
Now, the scenarios I can think of are:
1). A check can be made that if user has checked "Remember Me" the authentication process should be skipped so whenever session expires and user do some activity, the authentication part can be done automatically and he will continue with his work. But in that case, once a user has signed in with "Remember Me" option checked, he would never be able to Sign-out unless he deletes his cookies.
2). Refresh(reset) session as soon as it comes to expire. But then its against the requireme
View Complete Post