Solved

determining the reason for a session_end event

Posted on 2004-08-25
7
819 Views
Last Modified: 2008-01-09
Hello,

Is it possible to determine whether a session ended because a timeout occurred?

That is, say I define a 30 minute timeout for the session.

Now, the session can end for several reasons, including closing the browser, logging out, timeout, turning off the server, etc.

However, the Microsoft.Win32.SessionEndReasons enumeration only defines "Logoff" and "SystemShutdown" and doesn't really apply to web applications.  I can't seem to find any way to get the reason for a session timeout.  Is there such a property?

The reason I need this, is that I need to redirect to different pages, based on the reason.  Accessing a page without logging in should cause a different redirection than a timeout, for example.
0
Comment
Question by:shovavnik
  • 4
  • 2
7 Comments
 
LVL 33

Expert Comment

by:raterus
ID: 11892958
You can't redirect from session_end like you are hoping, this is a server side event called by the server and is not linked to any particular Request.  This page has some more info on this.

http://www.eggheadcafe.com/articles/20021016.asp
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11893065
You could always perform some action to let you know based on EndRequest.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemWebHttpApplicationClassEndRequestTopic.asp

Regards,

Aeros
0
 
LVL 8

Author Comment

by:shovavnik
ID: 11893311
raterus,

Your article is enlightening, but I think I didn't state my question properly.

Basically, I don't need to respond to the Session_End event, which won't fire anyway, as we use webfarms.

What I want to be able to do is figure out, in Application_BeginRequest maybe (or wherever I can capture the state), is whether the Session Timeout has passed.

My code already guarantees that the user must be logged in, and if the user is not logged in, the page is redirected.  This is done in the OnInit of a base page from which all the application pages inherit.

The ideal solution would be along the following lines (merged with existing code).  Note that this is in OnInit and occurs before InitializeComponent.

protected virtual void EnsureLogin()
{
  // ----- this line doesn't exist yet ----- //
  if( ***TheSessionHasTimedOutBeforeThisRequest*** ) Response.Redirect( "timedoutpage.aspx" );
  // ----- end of non-existent code ----- //
  else if( !AppUser.IsLoggedIn ) Response.Redirect( "pleaseloginpage.aspx" );
}


The question is, how can I implement the TheSessionHasTimedOutBeforeThisRequest thingy?  Is it possible?
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 8

Author Comment

by:shovavnik
ID: 11893332
Aeros,

I can't use EndRequest in this case, because I need to kick the user out before the request is completed and not after.

But in any case, what action could I perform to let me know?  I can safely say that I understand the event flow and know where I need to put the code that checks for the session end reason.  I just don't know what that code should be.
0
 
LVL 33

Accepted Solution

by:
raterus earned 500 total points
ID: 11894735
Have you looked at the IsNewSession property of the HttpSessionState Class?  It would seem that if when they logged in you persisted a value (not in the session of course), which would instuct your pages to check "IsNewSession" on each request now, and if it is ever true, you will know that the session was ended sometime after the last request.

Just guessing here.. :-)
--Michael

0
 
LVL 8

Author Comment

by:shovavnik
ID: 11895145
raterus,

I'll check this tomorrow at work.

In the meantime, we're considering (my colleagues and I) using a cookie.  The idea is to set a dummy cookie value when the user logs in and clear it when the user logs out.

If the user tries to access a page that requires login and the cookie is present, then if the session has ended I can know that it ended because of a timeout.

If on the other hand, the user tries to access a page that requires login but the cookie is not present, then I know the user needs to be redirected to the login page.

It's possible that your method and this method can work together.  I'll have to evaluate my options tomorrow.

I'll let you know.
0
 
LVL 8

Author Comment

by:shovavnik
ID: 11903140
raterus,

Your suggestion for IsNewSession doesn't help, because I already know if this is a new session.

However, your suggestion to persist a value is essentially what we ended up doing by persisting the cookie.

So, thanks for your help.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Lots of people ask this question on how to extend the “MembershipProvider” to make use of custom authentication like using existing database or make use of some other way of authentication. Many blogs show you how to extend the membership provider c…
Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now