In Esposito's book, what's the purpose of going to session_expired.aspx?

R

Rod

In Dino Esposito's book, "Programming Microsoft ASP.NET", there is a chapter
titled, "ASP.NET State Management". There is a section in there discussing
session state sometimes going away. He mentions that in version 1.1 of
ASP.NET, that it isn't possible for the application to know about the
session expiring. He gives a work around which you can try using that is
put into the Session_Start event, which would first determine if there
exists a cookie called "started_at". If there isn't, then the session was
never started, you create the cookie and then put DateTime.Now into it.



However, if the cookie has been created and you're still executing the
Session_Start event, then the session has expired. His code then does the
following:



Context.Response.Redirect("session_expired.aspx");



Now, I know that the name of the target page isn't important, but what I don
't understand is why he would recommend going to an ASPX page? I would have
thought that you would rather send the user to some HTML page instead. I am
sure I am missing something here, so please enlighten me.



Rod
 
J

Joerg Jooss

Rod said:
In Dino Esposito's book, "Programming Microsoft ASP.NET", there is a
chapter titled, "ASP.NET State Management". There is a section in
there discussing session state sometimes going away. He mentions
that in version 1.1 of ASP.NET, that it isn't possible for the
application to know about the session expiring. He gives a work
around which you can try using that is put into the Session_Start
event, which would first determine if there exists a cookie called
"started_at". If there isn't, then the session was never started,
you create the cookie and then put DateTime.Now into it.



However, if the cookie has been created and you're still executing the
Session_Start event, then the session has expired. His code then
does the following:



Context.Response.Redirect("session_expired.aspx");



Now, I know that the name of the target page isn't important, but
what I don 't understand is why he would recommend going to an ASPX
page? I would have thought that you would rather send the user to
some HTML page instead. I am sure I am missing something here, so
please enlighten me.

Why would you expect to redirect only to a static page? Both solutions are
possible.

Cheers,
 
R

Rod

Mainly because I thought, once the session has expired going to a .ASPX page
with a session ID which is still around, might cause problems.

Or at least, that is what I thought.

Am I wrong about that?

Rod
 
S

Steven Cheng[MSFT]

Hi Rod,

I think Both aspx page and static html page are OK. And when Session
Expired, a new one will automatically started. Since we manually check the
expiring in our serverside code, so when we detect the oringal session
state is expired, in fact a new one is already started. There won't be any
problem as long as we don't try to access the old datas wo originally
stored in the SessionState after it expired.
The reason we redirect the user to an aspx page is ASPX page is served by
asp.net runtime and we can do some further serverside tasks there. Also, if
we just want to display some static infos (messages) to the end user, a
static html page is enough. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,902
Latest member
Elena68X5

Latest Threads

Top