is session_end event totally USELESS?

[Jason Shohet]

We want to redirect a user when the session ends, to a page. It doesn't
seem to work (should it?).
We can put the redirect in the session_start, but this causes other problems
because when the session_starts, we actually want to redirect the user to a
different URL.

Can anyone help us out here? TY in advance!
Jason Shohet

 

[Patrice]

When session_end fires there is not necessarily a current HTTP reequest (it
just fires 20 min after you have no news friom the user).

What do you want to do ? Is this to handle session expiration. Usually this
is done the other way round (ie on the next request). It's likeky that .NET
Forms authentication handles this...

Patrice

 

[mimi]

I don't think you could redirect or transfer in application or session
events. They are different threads and not related to page.
If you want to handle error, set error page in web.config file and throw an
exception in session_onend. The application will redirect to the error
page.

 

[Jason Shohet]

Thanks Mimi, Patrice,

I'm also looking at another way (the error page thing sounds interesting
too). Create a base page, and put this in the page_load event (and all
pages of the app inherit from the base page):

Response.AppendHeader("Refresh", Convert.ToString((Session.Timeout * 60)
+ 5) + "; URL=loginpage.aspx");

I believe this works, haven't tried it yet but seems there are those that
have done this and managed to "fool" a redirect on session_end....

TY

 

[Patrice]

As said earlier I would just do this on the next request to avoid having the
application doing something the user didn't asked for (he could be
surpesised to go to luanch and find him on the login page when he comes back
; it is clearier IMO for him if he does something with the page and then
sees he should log again).

You could also look before if this is not done for you depending on the .NET
authentication method you are using (could be IMO for forms authentication).

If not you could likely do this in the Application_BeginRequest test for a
new session (there is even a property for this).


Patrice

 

[Jason Shohet]

Hi Patrice. Thanks again for your comments, I really appreciate it.
In this case, if he goes to lunch it might be ok to return to the login
page, even though he doesn't request a page... its a timekeeping system and
we'll clearly explain that they are supposed to log out (not leave it
running).

Application_start is definately out since we have other code in there it
would conflict with. Application_beginRequest, I'm not sure what this is
(different than application_start?). I suppose the error page for the site
might be ok but won't that trap all errors? I want the user to see the
actual error screens (that tell me which line etc if something blows up),
I'd rather not mask it because if there's a legit error I want to see the
full error text. This is a case where we really don't have an 'error' per
se, just a redirect on session end.

I might try the way in my last posting first. We can also redirct the user
to a page that says "You were logged out because you left the application up
too long... click here to return to the login page..." and that might be
more user friendly. TY once again for your tips & help