Edition: Futurama Website
Module: Futurama HTML
User: System administrator
In this page the behavior of Futurama is described regarding logging in, logging off and how TimeOuts are dealt with. Note that is assumed that Cookies are used. Whether sessionIDs or cookies are used is defined in the setting 'SessionState' in the web.config. See this page for more information about the difference between cookies and sessions.
First the several ways to authenticate users are described, followed by a description of the behavior of Futurama when using them.
Access to website
Futurama supports the standard .Net authentication ways to secure the access to a website:
- Anonymous Authentication
- Windows Authentication
- Forms Authentication
See the paragraph ‘Securing access to website’ for more information regarding the way Futurama deals with the different kinds of authentication.
In the context of a secured website application two different types of cookies are relevant:
- session cookie
- authentication cookie
Both the session cookie and the authentication cookie can be defined in the web.config of your Futurama application. See this page for more information how to set these cookies.
Different Futurama pages
To describe the behavior of Futurama in different situations it is important to define some important Futurama pages in your Futurama Document. See the Properties paragraph of the Document description for more information. The important pages in this context are:
LoginPage: relevant in the situation Forms Authentication is used. The LoginPage is the page that is shown initially while opening your Futurama web application. At this page you can verificate the user. If the user is authenticated the Forms authentication ticket is set. From this moment it is possible to redirect the user to another Futurama WebPage
StartWebPage: relevant in the situation either Anonymous Authentication or Windows Authentication is used. The StartWebPage is the page that is shown initially while opening your Futurama web application.
TimeOutPage: the webpage the user is redirected to when either a session timeout or an authentication time out occurs.
LogoffPage: the webpage the user is redirected to when the user logs off in his session
Opening web application – cookie behavior
When a new web application is opened in your browser either the LoginPage or the StartWebpage is opened. In both cases a session cookie is created. The name of this session cookie can be defined in the web.config in the session state element. When using Forms Authentication an authentication cookie is created after the user is authenticated.
Log off – behavior
An user can logoff either by clicking a button of type logoff or by clicking a button of type normal with a Navigator to the Futurama LogoffPage. When logging off:
the user is redirected to the Futurama LogoffPage;
the session cookie is deleted;
in case of Forms Authentication the authentication cookie is deleted;
when the webapplication is opened again, the Futurama LogInPage (in case of Forms Authentication) or the Futurama StartWebpage (in case of Anonymous or Windows Authentication) is opened.
In the last step mentioned above there are several ways to open the webapplication again:
- close the browser, start browser again and open the webapplication;
- do not close the browser, close the tab showing the LogOff page, and open in a new/another tab the webapplication;
- do not close the browser, open in the tab showing the LogOff page the webapplication;
- do not close the browser, do a POST in the tab showing the LogOff page.
In all these cases the webapplication will be opened at the same page (either the LoginPage or the StartWebpage).
Timeout – behavior
in the web.config of your application the timeout period can be defined for your session and (if applicable) for your authentication. A timeout occurs when either the session timeout period is expired, or the authentication timeout period or both periods. In all these cases the behavior of Futurama is the same. When an user clicks a button after the timeout period:
- the user is redirected to the Futurama TimeOut page;
- the session cookie is deleted;
- in case of Forms Authentication the authentication cookie is deleted;
- when the webapplication is opened again, the Futurama LogInPage (in case of Forms Authentication) or the Futurama StartWebpage (in case of Anonymous or Windows Authentication) is opened.
Release session from memory
When a user is browsing to a Futurama application the session will be loaded in memory. The session is released from memory in the next situations:
- the session timeout period is expired;
- the user logs off the application
Note that in the situation the users closes his browser before expiration of the time-out period the session is not released from memory. This is because the server where the application is hosted doesn’t know that the browser is closed. The session will be closed:
- after expiration of the timeout period
- when the user opens the browser again and starts a new session.
If you have any questions about this subject or if you want to provide us feedback please send us an e-mail.