Security issue / Session variable expiration?

V

VB Programmer

I know you can make cookies expire, but how about session variables? I'm
basically using session for security, etc... One variable is
session("LoggedOn"). If a page sits idle for 30 minuts I want to make them
log back in order to see another page (ie turn "LoggedOn" = false).

Any ideas or suggestions?

Thanks!
 
H

Hermit Dave

Session variables reside on the server and are held in the memory for a
duration set by web.config
The default duration is 20 mins after which all the resources are released.

As you know cookie can be set to expire after certain minutes. Or you can
set sliding expiration which means that if its used then the expiration time
is reset to a certain period in future. (You manually set that).

So if you anytime you access the resources in Session always check with
something like
if(Session["objectname"] != null)
{
// read the object and process
}

equivalent vb.net is something like
if Session["objectname"] in not null then

' do whatever needs to be done
end if

--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Session Variable Security 1
Session variable, security, SSL, I'm confused 9
Session variable value getting lost from global.asax 1
Session variable being cleared--why? 1
Response.WriteBinary -> IE 7 security download blocker issue 4
Session Timeout 13
Major Security Issue 4
Issue with Jeff's SqlSiteMapProvider 0

Members online

No members online now.
Total: 23 (members: 0, guests: 23)
Robots: 139

Forum statistics

Threads
473,776
Messages
2,569,603
Members
45,189
Latest member
CryptoTaxSoftware

Latest Threads

Top