Session.IsNewSession Always True

D

daokfella

I have an HttpHandler that is "pinged" via ajax to see if the user's
session has expired. I'm using Session.IsNewSession. However, I get
some weird results. In some testing, it works fine. However, sometimes
it just begins to return True no matter what. While debugging, the
Session was definitely not new (same SessionId).

I read somewhere that the Session_Start needed to be wired up in
Global.asax in order to use Session.IsNewSession reliably. It was
wired up, but no code was written inside the event. I added {string s
= "";} in the Session_Start event, and things started working OK, but
I'm afraid this is one of those "false" tests that I've had in the
past.

Does anybody have an explanation for me why this behavior might be
happening?
 
B

bruce barker

its a minor defect in your logic.

ajax (via httprequest) pings can not prevent the session timing out, as the
client cookie is not updated. the default (for an expired cookie) is to use
the same session id.

use a hidden image or iframe to do the ping.

-- bruce (sqlwork.com)
 
D

daokfella

Thanks Bruce,

But let's say that the purpose of the ajax ping is to simply see if
the session expired or not (and not extend the session). What
javascript can I run to extend the session if the ajax request informs
me that the session is still alive?

Unfortunately, I don't want to keep the session alive indefinitely. I
do want the session to end. I want the ping to tell me if it has
ended. If so, I want to refresh the page (document.location =
document.location) so the user is redirected to the login page (the
page is secured).
 
H

Hans Kesting

its a minor defect in your logic.

ajax (via httprequest) pings can not prevent the session timing out, as the
client cookie is not updated. the default (for an expired cookie) is to use
the same session id.

use a hidden image or iframe to do the ping.

-- bruce (sqlwork.com)

Is that true?
The client cookie does not need to be updated: it has no expiry date.
It's the server-side session that should be "touched". I was under the
impression that an Ajax call *with session enabled* (maybe readonly)
could do that.
Maybe you need to "do" something in the session, even if it is
Session["dummy"] = 0.

Hans Kesting
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top