Hi Patrice. Thanks again for your comments, I really appreciate it.
In this case, if he goes to lunch it might be ok to return to the login
page, even though he doesn't request a page... its a timekeeping system and
we'll clearly explain that they are supposed to log out (not leave it
running).
Application_start is definately out since we have other code in there it
would conflict with. Application_beginRequest, I'm not sure what this is
(different than application_start?). I suppose the error page for the site
might be ok but won't that trap all errors? I want the user to see the
actual error screens (that tell me which line etc if something blows up),
I'd rather not mask it because if there's a legit error I want to see the
full error text. This is a case where we really don't have an 'error' per
se, just a redirect on session end.
I might try the way in my last posting first. We can also redirct the user
to a page that says "You were logged out because you left the application up
too long... click here to return to the login page..." and that might be
more user friendly. TY once again for your tips & help
As said earlier I would just do this on the next request to avoid having
the application doing something the user didn't asked for