A little help with managing session timeouts

Simon Harvey

Hi everyone,

If anyone can help me with the following I would be very greatful.

In order to determine when a session has timed out I have some code in each
page that does something like:

loadSessionData(); // Populates a variable called sessionState

if(sessionState.currentUser != null){
// Carry on
}

else{
Response.Redirect("/misc_pages/sessionExpired.aspx");
}

My problem is I often have to send out links in emails that jump right into
the secure section of the site. If a session isnt detected it should quietly
take the user to the login page and then once the user enters their details,
redirect them to the secure page they were trying to get to before. This all
sounds fine in theory but the problem is that the code above just identifies
the fact that there isn't any session information and assumes that the
situation is a session timeout - which it isnt.

So I guess my question is:

How can I easily distinguish between occasions when a user's session has
timed out and occasions when the user has just tried to jump into a secure
area of the site without logging in?

If anyone can help me I would be very greatful.

Thanks in advance everyone

Kindest Regards

Simon

Nov 18 '05 #1

Subscribe Post Reply

1227

Brad Roberts

Check out "Session.IsMewSession" in the .NET docs. It sounds like what you
want.

"Simon Harvey" wrote:

Hi everyone,

If anyone can help me with the following I would be very greatful.

In order to determine when a session has timed out I have some code in each
page that does something like:

loadSessionData(); // Populates a variable called sessionState

if(sessionState.currentUser != null){
// Carry on
}

else{
Response.Redirect("/misc_pages/sessionExpired.aspx");
}

My problem is I often have to send out links in emails that jump right into
the secure section of the site. If a session isnt detected it should quietly
take the user to the login page and then once the user enters their details,
redirect them to the secure page they were trying to get to before. This all
sounds fine in theory but the problem is that the code above just identifies
the fact that there isn't any session information and assumes that the
situation is a session timeout - which it isnt.

So I guess my question is:

How can I easily distinguish between occasions when a user's session has
timed out and occasions when the user has just tried to jump into a secure
area of the site without logging in?

If anyone can help me I would be very greatful.

Thanks in advance everyone

Kindest Regards

Simon

Nov 18 '05 #2

Brad Roberts

OOPs, typo...Session.IsNewSession...

Nov 18 '05 #3

Girish Bharadwaj

Look into FormsAuthentication. It should allow you to do most of what you
would like to do.

--
Girish Bharadwaj
http://msmvps.com/gbvb
"Simon Harvey" <sh856531@microsofts_free_email_service.com> wrote in message
news:uQ**************@TK2MSFTNGP09.phx.gbl...

Hi everyone,

If anyone can help me with the following I would be very greatful.

In order to determine when a session has timed out I have some code in each page that does something like:

loadSessionData(); // Populates a variable called sessionState

if(sessionState.currentUser != null){
// Carry on
}

else{
Response.Redirect("/misc_pages/sessionExpired.aspx");
}

My problem is I often have to send out links in emails that jump right into the secure section of the site. If a session isnt detected it should quietly take the user to the login page and then once the user enters their details, redirect them to the secure page they were trying to get to before. This all sounds fine in theory but the problem is that the code above just identifies the fact that there isn't any session information and assumes that the
situation is a session timeout - which it isnt.

So I guess my question is:

How can I easily distinguish between occasions when a user's session has
timed out and occasions when the user has just tried to jump into a secure
area of the site without logging in?

If anyone can help me I would be very greatful.

Thanks in advance everyone

Kindest Regards

Simon

Nov 18 '05 #4

Simon Harvey

Hi Guys,

Thanks for your help. I'm currently using forms authentication at the
moment. I can't find much information about session handling in the
documentation though.

I'll go have a look at isSessionNew just now. I'm not sure its what I need
but maybe.

Thanks for your help

Simon

Nov 18 '05 #5

Simon Harvey

Hi Brad,

I think I see where you're going with the IsNewSession property. I just want
to check something with you if thats ok.

Is the reason this works because when a user follows a link to a secure area
of the site from an email, the IsNewSession property will always be true
because it will have been made as soon as the user followed the link. A time
out won't occur like this because the IsNewSession will be false?

That seems to make sense to me. I'll try it later on today.

Thanks again for your help

Simon

Nov 18 '05 #6

Simon Harvey

Nov 18 '05 #7

by: vesely | last post by:

Hi all, I'm currently relying on logged-in users hitting "logout" (logoff) before they leave, in order to terminate the session. With PHP the session filename is in a cookie that lasts for the...

PHP

Authentication with sessions...

by: Mark H | last post by:

Hey all-- I'm building a database and I basically need to keep out people who aren't authorized, but it's not like I need top security here. I'm just doing basic user/pass of a SQL database, and...

PHP

Dealing with Session State timeouts

by: Justin Dutoit | last post by:

Hey. What is the best practice for dealing with session state timeouts in a web app? eg Session_OnEnd Sign them out, so they redirect to Login on the next request. Also, for lower security...

ASP.NET

forms authentication timeouts and session timeouts

by: Jason | last post by:

What is the best way to set these timeouts? Should both be the same and what will happen if they are different? Thanks Jason

ASP.NET

Timeouts: session and authentication

by: mircu | last post by:

Hi, I need a quick solution to make my application behave correctly when one of these timeouts occurs. I have some logic in session_start but when the authentication cookie timeouts the user is...

ASP.NET

FBA & Session State

by: - Steve - | last post by:

I use forms based authentication and I've been putting the username in Session State (Session). Then when a user posts I check that Session != null else I Session.Abandon() and...

ASP.NET

Problem with asp.net app only allowing 1 user at a time

by: jsale | last post by:

I'm currently using ASP.NET with VS2003 and SQL Server 2003. The ASP.NET app i have made is running on IIS v6 and consists of a number of pages that allow the user to read information from the...

ASP.NET

Session timeouts

by: Fraijo | last post by:

how can i disable session timeouts without affecting any program codings?

ASP.NET

problem managing session with cookies and session_set_save_handler()

by: ddolgoff | last post by:

Hello to everyone, I have a problem of managing a session with cookies and "session_set_save_handler()". I want to use php's built-in session management mechanism with user-level session storage...

PHP

Migrating Website to Cloud - Emmanuel Katto

by: emmanuelkatto | last post by:

Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel

General

Navigating the Data Structures and Algorithms (DSA)

by: BarryA | last post by:

What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...

Algorithms / Advanced Math

Is that possible of reading the .csv file in column wise and the column have different lengths ?

by: Sonnysonu | last post by:

This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...

C / C++

How to build RAID in BIOS?

by: Hystou | last post by:

There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

Computer Hardware

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...

C / C++

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...

General

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...

Career Advice

A little help with managing session timeouts

Similar topics