Detecting and handling an expired session in ASP.net

Hi all,

Any help with this would be much appreciated:

I have a site where the session needs to time out because of security
concerns. I want to send the user back to the login page if the session is
expired.

What's happening at the moment is that objects that exist in the Session are
being accessed when the session has expired.
I know I could do an if Session["whatever"] != null or something similar to
detect whether the object is or isn't empty but there are many objects that
would need to be checked and I'll bet that some of them can be null quite
legitimately without needing the user to sign in again.

Question: Is there a way of doing something like:

if(Session.IsExpired){
// Redirect to login
}
else{
// Continue
}

I seem to remember from my university days that this is how you could do
things in Java. Very simple - the session is either expired or not. I can't
seem to find an equivalent in ASP.net, which is beginning to worry me
:-(

Thanks to anyone who can advise.

Take care

Simon
Nov 18 '05 #1
Why not just use the Session_End event handler in Global.asax? This event
fires when the session is ended.
Nov 18 '05 #2
Hi Scott,

Thanks for your answer.

I'm not really sure how that would work. Could you explain a little bit more
on what I would have to do on a per request basis. e.g. I'm imagining it would
be something like -

1. Whenever the event is fired I would make a note of the expiring session id
2. Then examine each request to see if the session id provided is expired.

That doesn't seem right to me. A bit too pissy for want of a better term.

It seems like the sort of thing that the framework should take care of and
expose through an expired property or something similar.

But then again, I'm pretty sure I'm making incorrect assumptions about how
you are suggesting this would work.

Any more details would be much appreciated.

Thanks again Scott

Simon
Nov 18 '05 #3
No Simon, this event fires when any user session DOES expire, so you don't
need to see if the session has expired in that code. If there is something
you want done as ANY session expires, just put the code for it into this
event handler. You don't need to check if the session has expired because
this event handler wouldn't have fired unless the session DID expire.

This event handler is not new. It was part of Global.asa in Classic ASP and
is now in Global.asax in ASP.NET. Check out
http://msdn.microsoft.com/library/de...alasaxfile.asp
for more info.
Nov 18 '05 #4
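
One way to do the per-request check asked about in post #1, shown as an added example that is not code from any poster in this thread: ASP.NET has no Session.IsExpired, but a request that arrives carrying a session cookie while the server is starting a brand-new session means the old session has timed out. Assumptions: cookie-based sessions with the default cookie name ASP.NET_SessionId, forms authentication, and a hypothetical login page at ~/Login.aspx.

```csharp
// Global.asax.cs (added example; names marked "hypothetical" are not from the thread)
using System;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Default session cookie name. Assumption: not overridden by
    // <sessionState cookieName="..."> in web.config.
    private const string SessionCookieName = "ASP.NET_SessionId";

    // Hypothetical login page path.
    private const string LoginUrl = "~/Login.aspx";

    // Runs on the first request of every new session, with a full request context.
    protected void Session_Start(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[SessionCookieName];
        bool browserHadSession = cookie != null && !string.IsNullOrEmpty(cookie.Value);

        // First-time visitors send no session cookie and fall through.
        if (!browserHadSession)
        {
            return;
        }

        // The browser presented a session ID, yet the server had to create a
        // new session: the previous one expired (or the app was recycled).
        // Assumption: forms authentication. Drop the auth ticket too, so the
        // user cannot carry on as "logged in" with an empty Session.
        FormsAuthentication.SignOut();

        // endResponse = true stops the rest of the request from running.
        Response.Redirect(VirtualPathUtility.ToAbsolute(LoginUrl) + "?expired=1", true);
    }

    // Fires when a session times out or is abandoned, but only with InProc
    // session state, and there is no HttpContext here: no Request, no
    // Response, so no redirect. Use it for server-side cleanup or auditing.
    protected void Session_End(object sender, EventArgs e)
    {
        // Session is still readable here, e.g. to log Session.SessionID.
    }
}
```

Keeping the forms-authentication ticket timeout no longer than the session timeout closes the window in which a request is still authenticated but its session data is gone.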
