ASP.NET MVC3: Request.IsAuthenticated always "true" after $Ajax request from client

Question

I'm trying to check on server if authenticated is timeout and after that if Request.IsAuthenticated = false I want Redirect user to LoGon page. But even if time of Authentication expired it gives me always Request.IsAuthenticated = true, but when application start first time all right Request.IsAuthenticated = false.

I can't check on session timeout because principal page permanently obtains data from the server and I think session never timeout.

In WebConfig:

<code>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="1" />
    </authentication>
</code>

On Server:

<code>
public class CheckAuthorizeAndSessionAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            HttpContext ctx = HttpContext.Current;

            //  check if session is supported
            if (ctx.Request.IsAuthenticated)
            {
                if (ctx.Session != null)
                {
                    // check if a new session id was generated
                    if (ctx.Session.IsNewSession)
                    {

                        // If it says it is a new session, but an existing cookie exists, then it must
                        // have timed out
                        string sessionCookie = ctx.Request.Headers["Cookie"];
                        if (null != sessionCookie)
                        {
                            FormsAuthentication.SignOut();
                            //const string loginUrl = System.Web.Security.FormsAuthentication.LoginUrl;// Url.Action("LogOn", "Account");
                            //var rr = new RedirectResult(loginUrl);
                            //filterContext.Result = rr;
                            String url = FormsAuthentication.LoginUrl;
                            filterContext.Result = new RedirectResult(url);
                        }
                    }
                }
            }
            else
            {
                ctx.Response.Redirect(@"~/Account/LogOn");
                //ctx.Response.StatusCode = 302;
            }
            base.OnActionExecuting(filterContext);
        }
    }
</code>

On client

<code>
$(document).ready(function () {
        //DELETE
        $("#ModifyBlock a").live("click", function () {
            var urlForGet = '';
            var urlAction = '';
            if ($(this).attr("id") == 'Delete') {
                urlForGet = '@Url.Action("Delete", "Product")';
                urlAction = '@Url.Action("Delete", "Product", new { id = "idClient", lockType = "typeLockClient" })';
            }
            if ($(this).attr("id") == 'Edit') {
                urlForGet = '@Url.Action("Edit", "Product")';
                urlAction = '@Url.Action("Edit", "Product", new { id = "idClient", lockType = "typeLockClient" })';
            }
            if ($(this).attr("id") == 'Detail') {
                urlForGet = '@Url.Action("Detail", "Product")';
                urlAction = '@Url.Action("Detail", "Product", new { id = "idClient", lockType = "typeLockClient" })';
            }
            $.ajax({
                url: urlForGet,
                type: 'GET',
                data: { id: $(this).attr("alt"), lockType: $("#SelTypesLock").attr("value") },
                dataType: 'json',
                proccessData: false,
                contentType: 'application/json; charset=utf-8',
                statusCode: {
                    200: function (data) {
                        alert('200: Authenticated');
                    },
                    401: function (data) {
                        alert('401: Unauthenticated');
                    },
                    550: function (data) {
                        alert('550: Unauthenticated');
                        $("#ErrorMesage").text(xhr.responseText);
                    },
                    660: function (data) {
                        alert('660: Redirect to Error View');
                        window.location.href = '@Url.Action("Error", "Product")';
                    }
                },
                success: function (data) {
                    url = urlAction;
                    url = url.replace("idClient", data.Id);
                    url = url.replace("typeLockClient", $("#SelTypesLock").attr("value"));
                    window.location.href = url;
                },
                error: function (xmlHttpRequest, status, err) {
                    $("#ErrorMesage").text(xmlHttpRequest.responseText);
                }
            });
        });
    </code>`enter code here

Probably related: http://stackoverflow.com/questions/412300/formsauthentication-signout-does-not-log-the-user-out http://stackoverflow.com/questions/4050925/page-user-identity-isauthenticated-still-true-after-formsauthentication-signout Cheers. — vtortola, Dec 03 '12 at 16:56
Senk for link, probably it realy cache.. i will trying this! — Dimarik, Dec 03 '12 at 18:18

score 1 · Answer 1 · answered Dec 24 '12 at 07:22

You probably have sliding expiration parameter set to true. What this does is measure the time of the last request against the parameter in web.config.

If your parameter is 1 minute, and you do 30 seconds Ajax calls, you will never be un-authenticated. Try turning off sliding expiration and should work

ASP.NET MVC3: Request.IsAuthenticated always "true" after $Ajax request from client

1 Answers1