I have found some similar questions but none gave me what I really need.
Here is the thing, I have added this to my web.config to handle user session expiration:
<sessionState mode="InProc" timeout="1" />
After 1 minute, the Session_End event from Global.asax is raised:
Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)
Response.Redirect("Login.aspx")
End Sub
This doesn’t work, because:
Response is not available in this context.
(By the way, this question got an anwswer telling that this is ok and it got upvotes).
I don’t want nothing fancy. I just want a simple way to redirect the user to the login page when the session time expires. That’s all.
Thank you.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Description
You can use the Page_Initevent in the global.asax
Sample
Protected Sub Page_Init(sender As Object, e As EventArgs)
If Context.Session IsNot Nothing Then
If Session.IsNewSession Then
Dim newSessionIdCookie As HttpCookie = Request.Cookies("ASP.NET_SessionId")
If newSessionIdCookie IsNot Nothing Then
Dim newSessionIdCookieValue As String = newSessionIdCookie.Value
If newSessionIdCookieValue <> String.Empty Then
' This means Session was timed Out and New Session was started
Response.Redirect("Login.aspx")
End If
End If
End If
End If
End Sub
More Information
Method 2
Session_End is a server-side event, meaning it is triggered on the web server and has nothing to do with a request by the client. This is why the Request is unavailable.
You have two choices in this matter:
- On each client request, check if a specific Session variable is set. If it is not, it means the previous Session has expired and the new Session must be populated. (I am assuming this is why you want to check for Session expiration)
- Have a javascript call on the client that periodically goes back to the server to check if the Session is still valid. If the Session has expired, you can redirect the user to the login page.
samples of different redirect methods
location.href = "login.aspx";
// or you can use
location.assign("login.aspx");
//for redirecting without storing in history
location.replace("login.aspx")
Don’t forget to add ?ReturnUrl=[current url] to the login redirect path.
HTH
Method 3
Check for expired sessions on every Page_Init event. If there are too many pages to do this check, this is what I usually do:
- I create a base class and inherit from System.Web.UI.Page.
- Write my redirect logic in the Page_Init event of my base class.
- Have the rest of my pages inherit from this base class.
Good luck.
Method 4
Here’s the C# version of dknaack’s answer:
protected void Page_Init(object sender, EventArgs e)
{
if (Context.Session != null)
{
if (Session.IsNewSession)
{
HttpCookie newSessionIdCookie = Request.Cookies["ASP.NET_SessionId"];
if (newSessionIdCookie != null)
{
string newSessionIdCookieValue = newSessionIdCookie.Value;
if (newSessionIdCookieValue != string.Empty)
{
// This means Session was timed Out and New Session was started
Response.Redirect("Login.aspx");
}
}
}
}
}
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0