Personal I need a timeout for my web.config that if the user is not tampering with the system it expires, if it is tampering with the system does not expire time. Is it possible to have something like this?
<configuration>
<system.web>
<sessionState timeout="20"></sessionState>
</system.web>
</configuration>
You're confusing expiration of session data with login session , and they are not the same thing.
The performative way of doing this is by defining an attribute that checks whether SessionStore still exists or not. If it does not exist, log out session:
public class VerificarSessaoExpiradaAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
HttpContext contexto = HttpContext.Current;
// Verifica se existe um objeto definido na Session
var objeto = new DadosUsuario();
objeto = ((DadosUsuario)SessionStore.GetSessionValue("DadosUsuario"));
if (objeto == null)
{
filterContext.Result = new RedirectResult("~/Account/Login");
return;
}
base.OnActionExecuting(filterContext);
}
}
[VerificarSessaoExpirada]
public ActionResult Index()
{
return Index();
}