re: 1
Session variables expire when a user hasn't requested
any page from an application within the time limit set
for session expiration.
re: 2
A user may open pages after his session has expired,
but the session variables collection will be empty,
except for any session variables set in Session_OnStart
or the page the user opened, since a new session will
have been spawned after expiration of the session and
a subsequent opening of a page within the application.
Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Espaņol
=====================
"ChrisN" <cnewald@hotmail.com> wrote in message
news:eAhHShdEFHA.3592@TK2MSFTNGP15.phx.gbl...[color=blue]
> Hi there,
>
> Two questions related to each other.
>
> 1. Session variables expire by defualt when not used for 20 minutes. Does
> "used" mean that a user has not access any session varibles in 20 minutes
> or that no pages activity has taken place in that time regardless of
> wether or not a session variable has been accessed?
>
> 2. When a user logges in I store the user's ID in a session variable. This
> variable is required on most but not all pages of my site. For security
> reasons I can't store it in a cookie. Will there ever be a scenario where
> the user is still looking at pages on the site when his session variable
> expries?
>
> Thanks,
> Chris.
>[/color]
