Prysson
asked on
Expired Session redirect problem
I have an expired session issue..
I have a pasepage class that detects when a session is expired and redirects them to another page.
This works fine...however..on the redirect page is a link to the default.aspx page. The idea is that they shoudl be able to go back to that page and restart the applkication with a new session.
But all that happens is that it redetects that the session was expired and sends them back to the expired session page.
Here is the code in the base page.
public class BasePage : System.Web.UI.Page
{
public BasePage()
{
}
override protected void OnInit(EventArgs e)
{
base.OnInit(e);
//It appears from testing that the Request and Response both share the
// same cookie collection. If I set a cookie myself in the Reponse, it is
// also immediately visible to the Request collection. This just means that
// since the ASP.Net_SessionID is set in the Session HTTPModule (which
// has already run), thatwe can't use our own code to see if the cookie was
// actually sent by the agent with the request using the collection. Check if
// the given page supports session or not (this tested as reliable indicator
// if EnableSessionState is true), should not care about a page that does
// not need session
if (Context.Session != null)
{
//Tested and the IsNewSession is more advanced then simply checking if
// a cookie is present, it does take into account a session timeout, because
// I tested a timeout and it did show as a new session
if (Session.IsNewSession)
{
// If it says it is a new session, but an existing cookie exists, then it must
// have timed out (can't use the cookie collection because even on first
// request it already contains the cookie (request and response
// seem to share the collection)
string szCookieHeader = Request.Headers["Cookie"];
if ((null != szCookieHeader) && (szCookieHeader.IndexOf("A SP.NET_Ses sionId") >= 0))
{
Response.Redirect("Session Expired.as px");
}
}
}
}
}
I have a pasepage class that detects when a session is expired and redirects them to another page.
This works fine...however..on the redirect page is a link to the default.aspx page. The idea is that they shoudl be able to go back to that page and restart the applkication with a new session.
But all that happens is that it redetects that the session was expired and sends them back to the expired session page.
Here is the code in the base page.
public class BasePage : System.Web.UI.Page
{
public BasePage()
{
}
override protected void OnInit(EventArgs e)
{
base.OnInit(e);
//It appears from testing that the Request and Response both share the
// same cookie collection. If I set a cookie myself in the Reponse, it is
// also immediately visible to the Request collection. This just means that
// since the ASP.Net_SessionID is set in the Session HTTPModule (which
// has already run), thatwe can't use our own code to see if the cookie was
// actually sent by the agent with the request using the collection. Check if
// the given page supports session or not (this tested as reliable indicator
// if EnableSessionState is true), should not care about a page that does
// not need session
if (Context.Session != null)
{
//Tested and the IsNewSession is more advanced then simply checking if
// a cookie is present, it does take into account a session timeout, because
// I tested a timeout and it did show as a new session
if (Session.IsNewSession)
{
// If it says it is a new session, but an existing cookie exists, then it must
// have timed out (can't use the cookie collection because even on first
// request it already contains the cookie (request and response
// seem to share the collection)
string szCookieHeader = Request.Headers["Cookie"];
if ((null != szCookieHeader) && (szCookieHeader.IndexOf("A
{
Response.Redirect("Session
}
}
}
}
}
ASKER
IM sorry im not following you...couplke things. There is no login. This is on an internal network and while anonymous access is disallowed the login happens autmatically via windows authentication...
Still Im not sure exactly what you are saying send current page url in string..send where?...capture the page before redirecting to the sessiontimeout page?
Still Im not sure exactly what you are saying send current page url in string..send where?...capture the page before redirecting to the sessiontimeout page?
k u r using windows authentication.
read this
http://msdn.microsoft.com/en-us/library/ms972958.aspx
http://geekswithblogs.net/jkurtz/archive/2007/08/27/114992.aspx
read this
http://msdn.microsoft.com/en-us/library/ms972958.aspx
http://geekswithblogs.net/jkurtz/archive/2007/08/27/114992.aspx
ASKER
I dont see what relevence this has to my issue. I am not trying to force users to log into anything I dont want a login form.
The problem lies here int he basepage code
string szCookieHeader = Request.Headers["Cookie"];
if ((null != szCookieHeader) && (szCookieHeader.IndexOf("A SP.NET_Ses sionId") >= 0))
{
Response.Redirect("Session Expired.as px");
}
The problem is that in the SessionExpired page the response.redirect back to the default.aspx only evaluates if ((null != szCookieHeader) && (szCookieHeader.IndexOf("A SP.NET_Ses sionId") >= 0))
back to true..so Response.Redirect("Session Expired.as px"); runs again and the user is redirected back to the stupid sessionexpired page..its a loop I cant get out of.
The problem lies here int he basepage code
string szCookieHeader = Request.Headers["Cookie"];
if ((null != szCookieHeader) && (szCookieHeader.IndexOf("A
{
Response.Redirect("Session
}
The problem is that in the SessionExpired page the response.redirect back to the default.aspx only evaluates if ((null != szCookieHeader) && (szCookieHeader.IndexOf("A
back to true..so Response.Redirect("Session
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
use this to get current current page path and name
Request.Url.PathAndQuery;