Detecting and handling an expired session in ASP.net

Simon

Hi all,

Any help with this would be much appreciated:

I have a site where the session needs to timeout because of security
concerns. I want to send the user back to the login page if the session is
expired.

What's happening at the moment is that objects that exist in the Session are
being accessed when the session has expired.
I know I could do an if Session["whatever"] != null or something similar to
detect whether the object is or isn't empty but there are many objects that
would need to be checked and I'll bet that some of them can be null quite
legitimately without needing the user to sign in again.

Question: Is there a way of doing something like:

if(Session.IsExpired){
// Redirect to login
}
else{
// Continue
}

I seem to remember from my university days that this is how you could do
things in Java. Very simple - the session is either expired or not. I can't
seem to find an equivalent in ASP.net, which is beginning to worry me
:-(

Thanks to anyone who can advise.

Take care

Simon
 
Scott M.

Why not just use the Session_End event handler in Global.asax? This event
fires when the session is ended.
 
Simon

Hi Scott,

Thanks for your answer.

I'm not really sure how that would work. Could you explain a little bit more
on what I would have to do on a per request basis. e.g. I'm imagining it would
be something like -

1. Whenever the event is fired I would make a note of the expiring session id
2. Then examine each request to see if the session id provided is expired.

That doesn't seem right to me. A bit too pissy for want of a better term.

It seems like the sort of thing that the framework should take care of and
expose through an expired property or something similar.

But then again, I'm pretty sure I'm making incorrect assumptions about how
you are suggesting this would work.

Any more details would be much appreciated.

Thanks again Scott

Simon
 
Scott M.

No Simon, this event fires when any user session DOES expire, so you don't
need to see if the session has expired in that code. If there is something
you want done as ANY session expires, just put the code for it into this
event handler. You don't need to check if the session has expired because
this event handler wouldn't have fired unless the session DID expire.

This event handler is not new. It was part of Global.asa in Classic ASP and
is now in Global.asax in ASP.NET. Check out
http://msdn.microsoft.com/library/d.../html/cpconusingmoduleswithglobalasaxfile.asp
for more info.
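
A per-request check of the kind asked about at the top of the thread, next to the Session_End handler suggested in the replies. This is an added example, not code posted by anyone in the thread; the login path `~/Login.aspx` is hypothetical and the cookie name is the ASP.NET default, which must match any `cookieName` set in `<sessionState>`.

```csharp
using System;
using System.Web;

public class Global : HttpApplication
{
    // Assumptions: the default session cookie name and a hypothetical login page.
    private const string SessionCookieName = "ASP.NET_SessionId";
    private const string LoginUrl = "~/Login.aspx";

    // Runs for every request after session state has been acquired.
    protected void Application_PreRequestHandlerExecute(object sender, EventArgs e)
    {
        HttpContext ctx = HttpContext.Current;
        if (ctx == null || ctx.Session == null)
            return; // this handler does not use session state (e.g. static files)

        // The login page itself must stay reachable, or the redirect would loop.
        string loginPath = VirtualPathUtility.ToAbsolute(LoginUrl);
        if (string.Equals(ctx.Request.Path, loginPath, StringComparison.OrdinalIgnoreCase))
            return;

        // A session created on this request while the browser still presents a
        // session cookie means the session that cookie referred to is gone.
        HttpCookie sent = ctx.Request.Cookies[SessionCookieName];
        bool hadSession = sent != null && !string.IsNullOrEmpty(sent.Value);
        if (ctx.Session.IsNewSession && hadSession)
        {
            // Expire the stale cookie so the old id is not presented again.
            HttpCookie expired = new HttpCookie(SessionCookieName, string.Empty);
            expired.Expires = DateTime.UtcNow.AddDays(-1);
            expired.HttpOnly = true;
            ctx.Response.Cookies.Add(expired);

            ctx.Session.Abandon();
            ctx.Response.Redirect(LoginUrl, true); // ends the request
        }
    }

    // Raised only with InProc session state, and outside any request, so it
    // suits cleanup or audit logging rather than redirecting the user.
    protected void Session_End(object sender, EventArgs e)
    {
        System.Diagnostics.Trace.WriteLine("Session ended: " + Session.SessionID);
    }
}
```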
 
