Home/ Questions/Q 6188843
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T02:18:21+00:00

I have a webforms app that uses a few ASP.NET AJAX Timer controls (i.e.

  • 0

I have a webforms app that uses a few ASP.NET AJAX Timer controls (i.e. polling). If a user is on a page with one of these, they will effectively never time-out, as the polling process keeps their authentication ticket alive.

I’d like to segment Timer controls so they don’t trigger Forms Authentication’s RenewTicketIfOld method. The path I’m on and I’ve done something similar before is to inject something into the AJAX HTTP request to have these requests identified as coming from a timer and then put some code to run after the Forms Authentication Module that hides the Authentication cookie from being sent back down in the response.

Any other suggestions for how to prevent a Timer control from keeping the forms authentication ticket alive?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Making progress, currently this is my solution. I went from setting a custom header in the Timer AJAX requests and checking that header in a Module (you can see this in the answer version history) to a simple, Module-only solution. (Hat tip to the How to tell if a refresh came from a Timer question)

    public class SkipAuthTicketRenewalModule : IHttpModule
{
    public void Init(HttpApplication context)
    {
        context.EndRequest += new EventHandler(context_EndRequest);
    }

    void context_EndRequest(object sender, EventArgs e)
    {
        // See if auth cookie was added in response to the timer control update by the FormsAuthModule, 
        // indicating the ticket was renewed.  If it was, remove it so we don't extend the ticket.

        HttpContext ctx = HttpContext.Current;
        string ctrlname = ctx.Request.Params.Get("__EVENTTARGET");

        if (!String.IsNullOrEmpty(ctrlname))
        {
            Page page = ctx.Handler as Page;
            if (page != null)
            {
                Control ctrl = page.FindControl(ctrlname);
                if (ctrl != null && ctrl is Timer)
                {
                    ctx.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
                }
            }
        }
    }
}
    • 0