A little help with managing session timeouts

Discussion in 'ASP .Net' started by Simon Harvey, Oct 18, 2004.

  1. Simon Harvey

    Simon Harvey Guest

    Hi everyone,

    If anyone can help me with the following I would be very greatful.

    In order to determine when a session has timed out I have some code in each
    page that does something like:

    loadSessionData(); // Populates a variable called sessionState

    if(sessionState.currentUser != null){
    // Carry on
    }

    else{
    Response.Redirect("/misc_pages/sessionExpired.aspx");
    }

    My problem is I often have to send out links in emails that jump right into
    the secure section of the site. If a session isnt detected it should quietly
    take the user to the login page and then once the user enters their details,
    redirect them to the secure page they were trying to get to before. This all
    sounds fine in theory but the problem is that the code above just identifies
    the fact that there isn't any session information and assumes that the
    situation is a session timeout - which it isnt.

    So I guess my question is:

    How can I easily distinguish between occasions when a user's session has
    timed out and occasions when the user has just tried to jump into a secure
    area of the site without logging in?

    If anyone can help me I would be very greatful.

    Thanks in advance everyone

    Kindest Regards

    Simon
     
    Simon Harvey, Oct 18, 2004
    #1
    1. Advertising

  2. Check out "Session.IsMewSession" in the .NET docs. It sounds like what you
    want.

    "Simon Harvey" wrote:

    > Hi everyone,
    >
    > If anyone can help me with the following I would be very greatful.
    >
    > In order to determine when a session has timed out I have some code in each
    > page that does something like:
    >
    > loadSessionData(); // Populates a variable called sessionState
    >
    > if(sessionState.currentUser != null){
    > // Carry on
    > }
    >
    > else{
    > Response.Redirect("/misc_pages/sessionExpired.aspx");
    > }
    >
    > My problem is I often have to send out links in emails that jump right into
    > the secure section of the site. If a session isnt detected it should quietly
    > take the user to the login page and then once the user enters their details,
    > redirect them to the secure page they were trying to get to before. This all
    > sounds fine in theory but the problem is that the code above just identifies
    > the fact that there isn't any session information and assumes that the
    > situation is a session timeout - which it isnt.
    >
    > So I guess my question is:
    >
    > How can I easily distinguish between occasions when a user's session has
    > timed out and occasions when the user has just tried to jump into a secure
    > area of the site without logging in?
    >
    > If anyone can help me I would be very greatful.
    >
    > Thanks in advance everyone
    >
    > Kindest Regards
    >
    > Simon
    >
    >
    >
     
    =?Utf-8?B?QnJhZCBSb2JlcnRz?=, Oct 18, 2004
    #2
    1. Advertising

  3. OOPs, typo...Session.IsNewSession...
     
    =?Utf-8?B?QnJhZCBSb2JlcnRz?=, Oct 18, 2004
    #3
  4. Look into FormsAuthentication. It should allow you to do most of what you
    would like to do.

    --
    Girish Bharadwaj
    http://msmvps.com/gbvb
    "Simon Harvey" <sh856531@microsofts_free_email_service.com> wrote in message
    news:...
    > Hi everyone,
    >
    > If anyone can help me with the following I would be very greatful.
    >
    > In order to determine when a session has timed out I have some code in

    each
    > page that does something like:
    >
    > loadSessionData(); // Populates a variable called sessionState
    >
    > if(sessionState.currentUser != null){
    > // Carry on
    > }
    >
    > else{
    > Response.Redirect("/misc_pages/sessionExpired.aspx");
    > }
    >
    > My problem is I often have to send out links in emails that jump right

    into
    > the secure section of the site. If a session isnt detected it should

    quietly
    > take the user to the login page and then once the user enters their

    details,
    > redirect them to the secure page they were trying to get to before. This

    all
    > sounds fine in theory but the problem is that the code above just

    identifies
    > the fact that there isn't any session information and assumes that the
    > situation is a session timeout - which it isnt.
    >
    > So I guess my question is:
    >
    > How can I easily distinguish between occasions when a user's session has
    > timed out and occasions when the user has just tried to jump into a secure
    > area of the site without logging in?
    >
    > If anyone can help me I would be very greatful.
    >
    > Thanks in advance everyone
    >
    > Kindest Regards
    >
    > Simon
    >
    >
     
    Girish Bharadwaj, Oct 18, 2004
    #4
  5. Simon Harvey

    Simon Harvey Guest

    Hi Guys,

    Thanks for your help. I'm currently using forms authentication at the
    moment. I can't find much information about session handling in the
    documentation though.

    I'll go have a look at isSessionNew just now. I'm not sure its what I need
    but maybe.

    Thanks for your help

    Simon
     
    Simon Harvey, Oct 19, 2004
    #5
  6. Simon Harvey

    Simon Harvey Guest

    Hi Brad,

    I think I see where you're going with the IsNewSession property. I just want
    to check something with you if thats ok.

    Is the reason this works because when a user follows a link to a secure area
    of the site from an email, the IsNewSession property will always be true
    because it will have been made as soon as the user followed the link. A time
    out won't occur like this because the IsNewSession will be false?

    That seems to make sense to me. I'll try it later on today.

    Thanks again for your help

    Simon
     
    Simon Harvey, Oct 19, 2004
    #6
  7. Simon Harvey

    Simon Harvey Guest

    Hi Brad,

    I think I see where you're going with the IsNewSession property. I just want
    to check something with you if thats ok.

    Is the reason this works because when a user follows a link to a secure area
    of the site from an email, the IsNewSession property will always be true
    because it will have been made as soon as the user followed the link. A time
    out won't occur like this because the IsNewSession will be false?

    That seems to make sense to me. I'll try it later on today.

    Thanks again for your help

    Simon
     
    Simon Harvey, Oct 20, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Justin Dutoit

    Dealing with Session State timeouts

    Justin Dutoit, Aug 5, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    381
    Steve C. Orr, MCSD
    Aug 5, 2003
  2. Justin Dutoit

    Setting Session State timeouts

    Justin Dutoit, Aug 7, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    335
    S. Justin Gengo
    Aug 7, 2003
  3. Poppy

    Increase session timeouts

    Poppy, Apr 29, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    7,134
    Ashish M Bhonkiya
    Apr 29, 2004
  4. =?Utf-8?B?SmFzb24=?=

    forms authentication timeouts and session timeouts

    =?Utf-8?B?SmFzb24=?=, Jun 22, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    470
    =?Utf-8?B?SmFzb24=?=
    Jun 22, 2004
  5. Billy Horne
    Replies:
    3
    Views:
    461
    Scott Allen
    Jul 16, 2004
Loading...

Share This Page