We created a website for our customer to check their order status. We are 
using login controls, authentication mode="Forms", SqlMembershipProvider, and 
all asp.net security. User has to login when he access the website first time 
and then he can click Flash menu to go to every page. 

It is supposed to redirect to login page when user click the menu if the 
session is expired. But now user still can click the menu to go to every 
page. If we change the flash menu to text menu, it works fine. It looks like 
the flash menu has different session but asp.net doesn't recognize it.

Anyone can help me to resolve this problem?

Thanks

On Jun 26, 6:54 pm, Alex  wrote:

> We created a website for our customer to check their order status. We are
> using login controls, authentication mode="Forms", SqlMembershipProvider, and
> all asp.net security. User has to login when he access the website first time
> and then he can click Flash menu to go to every page.
>
> It is supposed to redirect to login page when user click the menu if the
> session is expired. But now user still can click the menu to go to every
> page. If we change the flash menu to text menu, it works fine. It looks like
> the flash menu has different session but asp.net doesn't recognize it.
>
> Anyone can help me to resolve this problem?


<deny users="?" />  in the web.config file should help

I had <deny users="?" />  in the web.config but still doesn't work. If I put 
debug="true" in the page head it works. For example, the inventory.aspx only 
works if I put debug="true" to its head. But orderstatus.aspx doesn't work if 
I don't put debug="true" in its head. And it looks stiall work even I remove 
debug="true" from Inventory.aspx. These confuse me.


"Alexey Smirnov" wrote:


> On Jun 26, 6:54 pm, Alex  wrote:
> > We created a website for our customer to check their order status. We are
> > using login controls, authentication mode="Forms", SqlMembershipProvider, and
> > all asp.net security. User has to login when he access the website first time
> > and then he can click Flash menu to go to every page.
> >
> > It is supposed to redirect to login page when user click the menu if the
> > session is expired. But now user still can click the menu to go to every
> > page. If we change the flash menu to text menu, it works fine. It looks like
> > the flash menu has different session but asp.net doesn't recognize it.
> >
> > Anyone can help me to resolve this problem?
> 
> <deny users="?" />  in the web.config file should help
> 
> 

On Jun 26, 9:06 pm, Alex  wrote:

> I had <deny users="?" />  in the web.config but still doesn't work. If I put
> debug="true" in the page head it works. For example, the inventory.aspx only
> works if I put debug="true" to its head. But orderstatus.aspx doesn't work if
> I don't put debug="true" in its head. And it looks stiall work even I remove
> debug="true" from Inventory.aspx. These confuse me.
>


Let me understand

default.aspx has menu and a link in menu to inventory.aspx

When you stay on the default.aspx and session is expired link to
inventory.aspx is working and you don't have a redirect to login.aspx
and session is also gone.

I'm right?