Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 986
  • Last Modified:

determining the reason for a session_end event

Hello,

Is it possible to determine whether a session ended because a timeout occurred?

That is, say I define a 30 minute timeout for the session.

Now, the session can end for several reasons, including closing the browser, logging out, timeout, turning off the server, etc.

However, the Microsoft.Win32.SessionEndReasons enumeration only defines "Logoff" and "SystemShutdown" and doesn't really apply to web applications.  I can't seem to find any way to get the reason for a session timeout.  Is there such a property?

The reason I need this, is that I need to redirect to different pages, based on the reason.  Accessing a page without logging in should cause a different redirection than a timeout, for example.
0
shovavnik
Asked:
shovavnik
  • 4
  • 2
1 Solution
 
raterusCommented:
You can't redirect from session_end like you are hoping, this is a server side event called by the server and is not linked to any particular Request.  This page has some more info on this.

http://www.eggheadcafe.com/articles/20021016.asp
0
 
AerosSagaCommented:
You could always perform some action to let you know based on EndRequest.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemWebHttpApplicationClassEndRequestTopic.asp

Regards,

Aeros
0
 
shovavnikAuthor Commented:
raterus,

Your article is enlightening, but I think I didn't state my question properly.

Basically, I don't need to respond to the Session_End event, which won't fire anyway, as we use webfarms.

What I want to be able to do is figure out, in Application_BeginRequest maybe (or wherever I can capture the state), is whether the Session Timeout has passed.

My code already guarantees that the user must be logged in, and if the user is not logged in, the page is redirected.  This is done in the OnInit of a base page from which all the application pages inherit.

The ideal solution would be along the following lines (merged with existing code).  Note that this is in OnInit and occurs before InitializeComponent.

protected virtual void EnsureLogin()
{
  // ----- this line doesn't exist yet ----- //
  if( ***TheSessionHasTimedOutBeforeThisRequest*** ) Response.Redirect( "timedoutpage.aspx" );
  // ----- end of non-existent code ----- //
  else if( !AppUser.IsLoggedIn ) Response.Redirect( "pleaseloginpage.aspx" );
}


The question is, how can I implement the TheSessionHasTimedOutBeforeThisRequest thingy?  Is it possible?
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
shovavnikAuthor Commented:
Aeros,

I can't use EndRequest in this case, because I need to kick the user out before the request is completed and not after.

But in any case, what action could I perform to let me know?  I can safely say that I understand the event flow and know where I need to put the code that checks for the session end reason.  I just don't know what that code should be.
0
 
raterusCommented:
Have you looked at the IsNewSession property of the HttpSessionState Class?  It would seem that if when they logged in you persisted a value (not in the session of course), which would instuct your pages to check "IsNewSession" on each request now, and if it is ever true, you will know that the session was ended sometime after the last request.

Just guessing here.. :-)
--Michael

0
 
shovavnikAuthor Commented:
raterus,

I'll check this tomorrow at work.

In the meantime, we're considering (my colleagues and I) using a cookie.  The idea is to set a dummy cookie value when the user logs in and clear it when the user logs out.

If the user tries to access a page that requires login and the cookie is present, then if the session has ended I can know that it ended because of a timeout.

If on the other hand, the user tries to access a page that requires login but the cookie is not present, then I know the user needs to be redirected to the login page.

It's possible that your method and this method can work together.  I'll have to evaluate my options tomorrow.

I'll let you know.
0
 
shovavnikAuthor Commented:
raterus,

Your suggestion for IsNewSession doesn't help, because I already know if this is a new session.

However, your suggestion to persist a value is essentially what we ended up doing by persisting the cookie.

So, thanks for your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now