By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,581 Members | 1,990 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,581 IT Pros & Developers. It's quick & easy.

A little help with managing session timeouts

P: n/a
Hi everyone,

If anyone can help me with the following I would be very greatful.

In order to determine when a session has timed out I have some code in each
page that does something like:

loadSessionData(); // Populates a variable called sessionState

if(sessionState.currentUser != null){
// Carry on
}

else{
Response.Redirect("/misc_pages/sessionExpired.aspx");
}

My problem is I often have to send out links in emails that jump right into
the secure section of the site. If a session isnt detected it should quietly
take the user to the login page and then once the user enters their details,
redirect them to the secure page they were trying to get to before. This all
sounds fine in theory but the problem is that the code above just identifies
the fact that there isn't any session information and assumes that the
situation is a session timeout - which it isnt.

So I guess my question is:

How can I easily distinguish between occasions when a user's session has
timed out and occasions when the user has just tried to jump into a secure
area of the site without logging in?

If anyone can help me I would be very greatful.

Thanks in advance everyone

Kindest Regards

Simon
Nov 18 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
Check out "Session.IsMewSession" in the .NET docs. It sounds like what you
want.

"Simon Harvey" wrote:
Hi everyone,

If anyone can help me with the following I would be very greatful.

In order to determine when a session has timed out I have some code in each
page that does something like:

loadSessionData(); // Populates a variable called sessionState

if(sessionState.currentUser != null){
// Carry on
}

else{
Response.Redirect("/misc_pages/sessionExpired.aspx");
}

My problem is I often have to send out links in emails that jump right into
the secure section of the site. If a session isnt detected it should quietly
take the user to the login page and then once the user enters their details,
redirect them to the secure page they were trying to get to before. This all
sounds fine in theory but the problem is that the code above just identifies
the fact that there isn't any session information and assumes that the
situation is a session timeout - which it isnt.

So I guess my question is:

How can I easily distinguish between occasions when a user's session has
timed out and occasions when the user has just tried to jump into a secure
area of the site without logging in?

If anyone can help me I would be very greatful.

Thanks in advance everyone

Kindest Regards

Simon

Nov 18 '05 #2

P: n/a
OOPs, typo...Session.IsNewSession...
Nov 18 '05 #3

P: n/a
Look into FormsAuthentication. It should allow you to do most of what you
would like to do.

--
Girish Bharadwaj
http://msmvps.com/gbvb
"Simon Harvey" <sh856531@microsofts_free_email_service.com> wrote in message
news:uQ**************@TK2MSFTNGP09.phx.gbl...
Hi everyone,

If anyone can help me with the following I would be very greatful.

In order to determine when a session has timed out I have some code in each page that does something like:

loadSessionData(); // Populates a variable called sessionState

if(sessionState.currentUser != null){
// Carry on
}

else{
Response.Redirect("/misc_pages/sessionExpired.aspx");
}

My problem is I often have to send out links in emails that jump right into the secure section of the site. If a session isnt detected it should quietly take the user to the login page and then once the user enters their details, redirect them to the secure page they were trying to get to before. This all sounds fine in theory but the problem is that the code above just identifies the fact that there isn't any session information and assumes that the
situation is a session timeout - which it isnt.

So I guess my question is:

How can I easily distinguish between occasions when a user's session has
timed out and occasions when the user has just tried to jump into a secure
area of the site without logging in?

If anyone can help me I would be very greatful.

Thanks in advance everyone

Kindest Regards

Simon

Nov 18 '05 #4

P: n/a
Hi Guys,

Thanks for your help. I'm currently using forms authentication at the
moment. I can't find much information about session handling in the
documentation though.

I'll go have a look at isSessionNew just now. I'm not sure its what I need
but maybe.

Thanks for your help

Simon
Nov 18 '05 #5

P: n/a
Hi Brad,

I think I see where you're going with the IsNewSession property. I just want
to check something with you if thats ok.

Is the reason this works because when a user follows a link to a secure area
of the site from an email, the IsNewSession property will always be true
because it will have been made as soon as the user followed the link. A time
out won't occur like this because the IsNewSession will be false?

That seems to make sense to me. I'll try it later on today.

Thanks again for your help

Simon
Nov 18 '05 #6

P: n/a
Hi Brad,

I think I see where you're going with the IsNewSession property. I just want
to check something with you if thats ok.

Is the reason this works because when a user follows a link to a secure area
of the site from an email, the IsNewSession property will always be true
because it will have been made as soon as the user followed the link. A time
out won't occur like this because the IsNewSession will be false?

That seems to make sense to me. I'll try it later on today.

Thanks again for your help

Simon
Nov 18 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.