开发者

Session is not timing out in ASP.NET web application

问答 作者:

I'm developing an ASP.NET 3.5 WebForms application where I would like the session to timeout after a certain period of time. After which, if the user tries to do anything, the application should redirect them to a page stating that the session has timed out and that they will need to start over. Pretty standard stuff, as far as I know.

However, I can't seem to make the session timeout to test this functionality, either running from Visual Studio or from IIS. Here's my session state setti开发者_C百科ngs in web.config:

<sessionState mode="SQLServer"
              allowCustomSqlDatabase="true"
              sqlConnectionString="<ConnectionString>"
              cookieless="false"
              timeout="1" />

Here's how I'm testing for session timeout:

public bool IsSessionTimeout
{
    get
    {
        // If the session says its a new session, but a cookie exists, then the session has timed out.
        if (Context.Session != null && Session.IsNewSession)
        {
            string cookie = Request.Headers["Cookie"];
            return !string.IsNullOrEmpty(cookie) && cookie.IndexOf("ASP.NET_SessionId") >= 0;
        }
        else
        {
            return false;
        }
    }
}

It appears that Session.IsNewSession always returns false, which makes sense, because the Session_End method never gets called in my Global.asax.cs. What am I missing?

I do this:

        if (Session["myUser"] != null)
            myUser = (User)Session["myUser"];
        else
            myUser = null;

        //User must be logged in, if not redirect to the login page - unless we are already running the login page.
        if ((myUser == null) && (Request.Url.AbsolutePath != "/Login.aspx"))
            Response.Redirect("Login.aspx?Mode=Timeout", true);

in the page_init of my master page for one of my sites. You could adapt it pretty easily for what you want. Basically, check for something that should exist in session, and if it is not there, your session has timed-out and you can take appropriate action.

In my case, they are redirected to the login page. In your case, whenever they start what your 'process' is, you set a session variable. On every page request, see if that item still exists in the session.

Here's what I ended up implementing.

In Global.asax.cs:

protected void Session_Start(object sender, EventArgs e)
{
    Session[SessionKeys.SessionStart] = DateTime.Now;
}

In my pages' base class:

public bool IsSessionTimeout
{
    get
    {
        DateTime? sessionStart = Session[SessionKeys.SessionStart] as DateTime?;
        bool isTimeout = false;

        if (!sessionStart.HasValue)
        {
            // If sessionStart doesn't have a value, the session has been cleared, 
            // so assume a timeout has occurred.            
            isTimeout = true;
        }
        else
        {
            // Otherwise, check the elapsed time.
            TimeSpan elapsed = DateTime.Now - sessionStart.Value;
            isTimeout = elapsed.TotalMinutes > Session.Timeout;
        }

        Session[SessionKeys.SessionStart] = DateTime.Now;
        return isTimeout;
    }
}

继续阅读:asp.netsession-timeout

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9