I have an ASP.NET MVC4 application where I am implementing sessionTimeout like:
<configuration>
<system.web>
<sessionState timeout="2"></sessionState>
</system.web>
</configuration>
And in authentication:
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="1" />
</authentication>
</system.web>
</configuration>
After the session has expired (2 mins), I need to redirect to the logon page, but the redirection doesn’t occur.
How can I change the code so that it will redirect?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
One way is that
In case of Session Expire, in every action you have to check its session and if it is null then redirect to Login page.
But this is very hectic method
To over come this you need to create your own ActionFilterAttribute which will do this, you just need to add this attribute in every action method.
Here is the Class which overrides ActionFilterAttribute.
public class SessionExpireFilterAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
HttpContext ctx = HttpContext.Current;
// check if session is supported
CurrentCustomer objCurrentCustomer = new CurrentCustomer();
objCurrentCustomer = ((CurrentCustomer)SessionStore.GetSessionValue(SessionStore.Customer));
if (objCurrentCustomer == null)
{
// check if a new session id was generated
filterContext.Result = new RedirectResult("~/Users/Login");
return;
}
base.OnActionExecuting(filterContext);
}
}
Then in action just add this attribute like so:
[SessionExpire]
public ActionResult Index()
{
return Index();
}
This will do you work.
Method 2
I discover very simple way to redirect Login Page When session end in MVC. I have already tested it and this works without problems.
In short, I catch session end in _Layout 1 minute before and make redirection.
I try to explain everything step by step.
If we want to session end 30 minute after and redirect to loginPage see this steps:
-
Change the web config like this (set 31 minute):
<system.web> <sessionState timeout="31"></sessionState> </system.web> -
Add this JavaScript in
_Layout(when session end 1 minute before this code makes redirect, it makes count time after user last action, not first visit on site)<script> //session end var sessionTimeoutWarning = @Session.Timeout- 1; var sTimeout = parseInt(sessionTimeoutWarning) * 60 * 1000; setTimeout('SessionEnd()', sTimeout); function SessionEnd() { window.location = "/Account/LogOff"; } </script> -
Here is my LogOff Action, which makes only LogOff and redirect LoginIn Page
public ActionResult LogOff() { Session["User"] = null; //it's my session variable Session.Clear(); Session.Abandon(); FormsAuthentication.SignOut(); //you write this when you use FormsAuthentication return RedirectToAction("Login", "Account"); }
I hope this is a very useful code for you.
Method 3
There is a generic solution:
Lets say you have a controller named Admin where you put content for authorized users.
Then, you can override the Initialize or OnAuthorization methods of Admin controller and write redirect to login page logic on session timeout in these methods as described:
protected override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
{
//lets say you set session value to a positive integer
AdminLoginType = Convert.ToInt32(filterContext.HttpContext.Session["AdminLoginType"]);
if (AdminLoginType == 0)
{
filterContext.HttpContext.Response.Redirect("~/login");
}
base.OnAuthorization(filterContext);
}
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0