I have an ASP.NET WebForms page with forms authentication. When users create a login, I use ‘remember me’ to create the authentication cookie.
What I now want to do is check the time of their last access. But LastLogin time is updated only when the user uses the login control (which they don’t need to use when they have the authentication cookie on their machine), and LastActivity control is updated before any of my code runs.
It looks like the only way I can do this is to hook into the application event Application_AuthenticateRequest – right? Or is there some better way to do this?
Thanks!
Instead I used the session_start event in Global.asax.
In there I’ve stored the current and previous session start DateTime’s against the user in the DB (moving the current to the previous each time). This gets me the time of a user’s previous session.
It might be better to use session_end – but that’s not the time the user left the page, it’s [timeout] time after their last activity – so this is a fairly good solution.