Identify the postback from a ASP.NET Login control

I have a <asp:Wizard> that is only applicable for a logged-out user. If the user is currently logged in, he/she is redirected to another page. On one of the wizard steps, as part of the wizard, I ask for credentials via the <asp:Login> control and log in the user. This presents a problem.

According to MSDN: "When a user uses the Login control to log in to a Web site, all data in the view state and all post data is lost. Do not perform actions in the LoggedIn event that rely on the view state."

Because of this, my Wizard control forgets the step it's on after the login process. MSDN recommends: "If you embed the Login control in a WizardStep object, explicitly set the ActiveStepIndex property in a Page_Load event handler if the user is authenticated. The Wizard control does not automatically advance to the next WizardStep object in this scenario."

However, because all view state is lost, the redirect for logged-in users kicks in, sending the user away from the page. What's the best way to determine, at page load, which of the states the user is in?

• Already logged in some time ago; ne开发者_Go百科eds to be redirected.
• Was just logged in from inside the wizard; needs to reach the next wizard step.

Thanks for any ideas.

You can set a Session variable when the user logs in: Session("LoggedIn") = Now

When checking to redirect the user, check if LoggedIn was at least 3 minutes ago and then redirect. Because you set this Session variable after logging in it will be available (or maybe null if not logged in).

You might want to create a custom Login control, inheriting from Login, that sets this Session variable whenever a user logs in:

Public Class MyLogin : Inherits Login
    Private Sub MyLogin_LoggedIn() Handles Me.LoggedIn
        HttpContext.Current.Session("LoggedIn") = Now
    End Sub
End Class

"A strange game. The only winning move is not to play." Reference to War Games

Instead of playing the redirect-preventing game, a different solution is possible. Since I control all links to the page in question, when the a user is logged in, I can change the destination (href) of those links to the post-redirect page. This bypasses the need to "play" on the page itself, and allows the page, if hit by a logged-in user, to always jump to appropriate next wizard step.