Form State Keeper

In ASP.NET (WebForms or MVC) solutions using forms based security, there is a problem if the forms authentication ticket times out while the user is filling out a large web form. This is a simple solution to that problem using a custom HttpModule:

A typical scenario is where:
  • The solution is using forms authentication (using cookies, and with a timeout set to 30 minutes in web.config).
  • The user starts filling out a large web form.
  • The user takes a long phonecall or goes to lunch.
  • The user returns, resumes filling out the form and submits.
  • Bang - the user is redirected to the login page because the authentication ticket timed out.
  • After logging in again the form will be empty - all work filling out the form is lost.

The easiest solution would be to make the forms authentication ticket live very long (ex. 24 hours). But in my experience many customers require that the login times out after typically 30 minutes for security reasons.

Here is the solution Form State Keeper is using:

Form StateKeeper is a simple HttpModule. The HttpModule will capture the posted form and save it using a provider model, just before the forms authentication redirects the user to the login page.

After login, the same HttpModule will redirect the request to a custom http handler that generates a transit page. This transit page will restore the form contents as hidden fields and do a submit (http post triggered on load) to the original page. There you go, form restored.

This way everything from the original form post will be restored, including ViewState. The original page will happily recieve the http post and do normal page processing. The restoring of the form will be transparent to the end user. Usually the transit page will be so fast that the user doesn't see it.

This will also work with Ajax to some extent. Form fields inside an UpdatePanel will be re-populated by the form saver, but any callback from controls inside the UpdatePanel will be "replaced" by a full page postback from the transit page.

The solution also works in ASP.NEt MVC 1.0, as the supplied sample in the source shows.

To get started, read the installation instructions.

See my original blog post for this code

Last edited Aug 17, 2009 at 9:41 PM by peter_r, version 5