Hi Guys

I was wondering if you can help me out with the following problem. I
created a basic secure | non secure website. So I have the root
directory as publically allowable pages and a directory called secure
with one secure page in it. Hence if I access the secure.aspx page
within the secure directory without being authenticaed then I'm thrown
to the login page.

All seems to work well, the problem I encounter is when the asp.net
process recycles or if the session ends. What happens is if I reload
that secure page again then because session object cookie is
independent of the forms authentication cookie, my session data has
expired but my page still thinks I'm authenticated and hence I am not
thrown back to login.aspx.

So my initial thought was to put in the session_start event in
global.asax the following 2 lines:
System.Web.Security.FormsAuthentication.SignOut()
Response.Redirect("login.aspx")

The problem with this solution is that public pages will also be
thrown back t the login page every time a new session starts. The only
way I've been able to get something is by checking if a session object
member exists only on secure pages but that seems a hack siince I
would have to include this on every page that needs the check

Basically I want if the session has ended then I would like only
secure pages to be redirected back to the login pages.

Question: How do I know if my page is needs authentication or not so I
can selectively know when to redirect back to the login page? How
could I force the a login page if the session ends but only on secure
pages? What are my alternatives?