Hi,
Based on my understanding, you have two questions:
1) Why the cookie FormsAuthentication.FormsCookieName cannot be found in
Request.Cookies collection after the session is expired in ASP.NET 2.0?
2) What's the recommended way to detect expired sessions?
If I've misunderstood anything, please feel free to let me know.
For question 1), I cannot find documentation on the design change. Also, I
don't think this is the recommended way to detect expired sessions.
For question 2), it's a pity that currently ASP.NET doesn't provide a
built-in way to return this information. Though we do have two commonly
used workarounds:
2.1) The first workaround is create a cookie on Session_OnStart as
described in following FAQ:
#ASP.NET Forums - Understanding session state modes + FAQ
http://forums.asp.net/7504/ShowPost.aspx
Q: How do I detect a session has expired and redirect it to anther page?
A: It's a much requested feature, and unfortunately there is no easy way to
do it right now. We will look into in the next major version. In the
meantime, if you are using cookie, you can store a marker in your cookie so
you can tell the difference between "fresh browser + new session" and "old
browser + expired session". Below is a sample code that will redirect the
page to an expired page if the session has expired.
void Session_OnStart(Object sender, EventArgs e) {
HttpContext context = HttpContext.Current;
HttpCookieCollection cookies = context.Request.Cookies;
if (cookies["starttime"] == null) {
HttpCookie cookie = new HttpCookie("starttime",
DateTime.Now.ToString());
cookie.Path = "/";
context.Response.Cookies.Add(cookie);
}
else {
context.Response.Redirect("expired.aspx");
}
}
2.2) Second workaround is to use the cookie used to store the session id:
#Detecting ASP.NET Session Timeouts: ASP Alliance
http://aspalliance.com/520
if (Context.Session != null)
{
if (Session.IsNewSession)
{
string szCookieHeader = Request.Headers["Cookie"];
if ((null != szCookieHeader) &&
(szCookieHeader.IndexOf("ASP.NET_SessionId") >= 0))
{
Response.Redirect("sessionTimeout.htm");
}
}
}
Additional references:
#Multiple Login Check with Session Ping
http://www.eggheadcafe.com/articles/20040720.asp
#How and why session IDs are reused in ASP.NET
http://support.microsoft.com/kb/899918
Hope this helps. Let me know if you need further information.
Sincerely,
Walter Wang (wa****@online.microsoft.com, remove 'online.')
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications. If you are using Outlook Express, please make sure you clear the
check box "Tools/Options/Read: Get 300 headers at a time" to see your reply
promptly.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
