Detecting loss of session

[Chris]

When a request comes into a page on my ASP.net site and a session is
not found, I want to detect whether the request is an initial request
or if the user did have a session going that has now been lost and
show an explanatory message before restarting the session.

Rather than tagging a 'session in progress' flag on the end of every
request querystring I'd like to detect it using data sent in every
request.

One idea I had was that when a browser expecting a session sends a
sessionId cookie that no longer matches a stored session in IIS, this
indicates a lost session.

Am I right in thinking that looking for the sessionId cookie is
reliable way to detect the loss of a session and is there a better way
that will work seemlessly for cookieless sessions as well?

 

[Curt_C [MVP]]

look at the Session_onStart in the Global.asax file to catch the session
starting.
As for if it's a "new" one or not, you really can't.

 

[Kevin Spencer]

Hi Chris,

I believe you could indeed store the SessionID in a Cookie. If the current
SessionID is not the same as the Cookie, the user has started a new Session.
If the Cookie is not present, the user has not been there before. However,
the problem is going to be getting rid of the Cookie. For example, if the
user starts a Session, which sets the Cookie, closes his/her browser, and
comes back 2 hours later, the Cookie will have a SessionID in it, and it
will not match the current SessionID. But in this case, the user's Session
has not been interrupted.

Perhaps you should rethink this problem in terms of requirements. There may
be a better way to achieve what your requirements dictate.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

 

[Chris]

Kevin,

I was thinking of a session cookie so that from the browsers
perspective that cookie will exist so long as the browser isn't
closed, even if something happens on the server that looses the
session such a timeout.

If the the browser is closed then the cookie in gone and the session
should rightly be ended and a new one started when the user next sends
a request. From what I've read on session cookies (no expiry set?)
this might not work with all browsers because they delete (or stop
sending) them as soon as they expire, not when the browser is closed?

Brad - How does your user control work? I want to put the code in a
base page class that all other pages on the site derive from but I
might be able to do something similar.

Thanks all.

 

[Kevin Spencer]

If the the browser is closed then the cookie in gone and the session

should rightly be ended and a new one started when the user next sends
a request. From what I've read on session cookies (no expiry set?)
this might not work with all browsers because they delete (or stop
sending) them as soon as they expire, not when the browser is closed?

That's a good question, Chris. If you don't set the expiration on a Cookie,
it expires at the end of the browser Session. However, you may have heard
right (I don't know) that some browsers may delete Session Cookies when the
browser navigates away from a domain (although I haven't heard of it),
rather than when the browser closes. It would be worth investigating.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.