protected void Login1_Authenticate(object sender, AuthenticateEventArgs e) { try { LoginUserData staffData = StaffBiz.GetLoginUserData(Login1.UserName.Trim()); if (staffData != null) //if (staffData != null && IsAuthenticated(Login1.UserName.Trim(), Login1.Password.Trim())) { Guid sessionId = Guid.NewGuid(); LoginBiz.InsertSession(Login1.UserName.Trim(), sessionId); FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, Login1.UserName.Trim(), DateTime.Now, DateTime.Now.AddMinutes(FormsAuthentication.Timeout.TotalMinutes), Login1.RememberMeSet, staffData != null ? staffData.StaffNameTH + "|" + staffData.BranchName + "|" + sessionId.ToString() : _displayName + "|" + "", FormsAuthentication.FormsCookiePath); string encTicket = FormsAuthentication.Encrypt(ticket); Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket)); //Response.Redirect(FormsAuthentication.GetRedirectUrl(Login1.UserName, Login1.RememberMeSet), false); InsertLoginLog(true, ""); if (Request["ticketid"] != null && Request["accflag"] == "email") { Response.Redirect("COC_SCR_003.aspx?ticketid=" + Request["ticketid"], false); } else { Response.Redirect(FormsAuthentication.DefaultUrl, false); } } else { InsertLoginLog(false, "Logon failure: unknown user name or bad password."); _log.Debug("Logon failure: unknown user name or bad password."); AppUtil.ClientAlert(Page, "Logon failure: unknown user name or bad password."); } } catch (Exception ex) { string message = ex.InnerException != null ? ex.InnerException.Message : ex.Message; InsertLoginLog(false, message); _log.Debug("(" + Login1.UserName + ") " + message); AppUtil.ClientAlert(Page, "Logon failure: unknown user name or bad password."); } }