Losing roles between two pages?
I use this in Global.asax for my CSLA based app:
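    ' Requires "Imports System.Threading" at the top of Global.asax.vb.
    Private Sub Global_AcquireRequestState(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.AcquireRequestState
        If Not Session("CSLA-Principal") Is Nothing Then
            ' Session is alive: restore the stored principal (and its roles) for this request.
            Thread.CurrentPrincipal = CType(Session("CSLA-Principal"), MyUser)
            HttpContext.Current.User = CType(Session("CSLA-Principal"), MyUser)
        Else
            ' Session is gone but the forms-authentication cookie is still valid:
            ' sign the user out and send them back to the login page.
            If Thread.CurrentPrincipal.Identity.IsAuthenticated = True Then
                Web.Security.FormsAuthentication.SignOut()
                Server.Transfer(Request.ApplicationPath + "/Login.aspx")
            End If
        End If
    End Sub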
The code after the Else handles the case where the session died but the user
still has an authenticated cookie!
Can happen many ways - IIS recycles the app, etc.
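The code above authorizes the current thread on every request; if it finds that the session has expired but the user still has an authenticated cookie, it forces the user to log in again.
This kind of thing happens in many situations....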