开发者

How to detect if SessionState has expired?

What would be the best way to detect if the SessionState has died in order to send the user to a "Session Expired" page? I've successfully configured the app (in Web.config) to do this when the authentication cookie is gone (there's a setting for that), but so far I haven't found an effective way to do something similar when the SessionState is gone. The app in qu开发者_StackOverflowestion holds some data in the Session, and should present the user with a "Session Expired - Please login again" page if any of them is gone.

So far, the only option I can think of doing it in each of the places I access Session, but this is obviously a less than optimal solution.


I remember a similar question. Actually, you don't have many opportunities.

I mean, you can't redirect a user to a page when server fires the SessionEnd event, that you can handle in Global.asax.

However, if you play with the Session object from inside the page you can do something useful... For example, save the session ID in the page's context, or in a hidden field. When you postback, compare the saved ID with your Session ID. If they differ, a new session started, meaning that the old one expired.

Now it's time to redirect the user :)

Hope to have been of help.


Yeah it's tough. :)

There is no real simple/definitive way to do it.

One option is stick a guid/idenfitier in the Session[] collection during Session_Start (global.asax), and then check for this value in Page_Load of your base page (e.g master).

Another option is to check the actual ASPX cookie:

HttpCookie sessionCookie = Request.Cookies["ASP.NET_SessionId"];

If it's null, the session is over.


Why not include the session check on the masterpage? Any of your session variables will return null if the session has expired. So on page_load you can check any of them and carry out the appropriate action i.e. Response.Redirect. However you say in the Web.Config you can check when the authentication cookie is gone, so can you not carry out an action on this?

Another method would be to use a HTTP Module which would intercept each request and decide what to do with it. This would be better than my first method and it'll occur prior to any page processing.


When the client logs in, you give him a session flag, like notexpired and set it to 1.

Then you write a web-module, which on every http request checks if notexired = 1. If that check throws an exception or is 0, you can deny access or redirect to an error page.

or you can renew the session from the database, should you save sessions into the database.

Incidentially, this also works with AJAX handlers, unlike base-page class hacks.


there are lots of examples on internet to solve your problem (it's quite common)

have a look at

http://geekswithblogs.net/shahed/archive/2007/09/05/115173.aspx


Another way is check the repository sessions values are maintained. In my case we have a hashtable and we log the session ID then every time we need that session we checked if the value is still there.. That a centralized way to keep your app about the status of your session Hope this helps/


Check out for this property at the Page_Load event of your desired page:

Dim sessionExpired as Boolean = Context.Session.IsNewSession

For more information, please visit this link.

Notice the "liveliness" of the session state is set by default to 20 min, but this can be easily changed in the web.config of the application with the timeout property:

<system.web>
<!--Set default timeout for session variables (default is 20 minutes, but was changed to 30 minutes-->
    <sessionState mode="InProc" cookieless="false" timeout="30" />       
</system.web>

Also, please check out at MSDN for the other properties mode and cookieles. It can help to extend the validity of your current business situation.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜