Solved

determining the reason for a session_end event

Posted on 2004-08-25
7
823 Views
Last Modified: 2008-01-09
Hello,

Is it possible to determine whether a session ended because a timeout occurred?

That is, say I define a 30 minute timeout for the session.

Now, the session can end for several reasons, including closing the browser, logging out, timeout, turning off the server, etc.

However, the Microsoft.Win32.SessionEndReasons enumeration only defines "Logoff" and "SystemShutdown" and doesn't really apply to web applications.  I can't seem to find any way to get the reason for a session timeout.  Is there such a property?

The reason I need this, is that I need to redirect to different pages, based on the reason.  Accessing a page without logging in should cause a different redirection than a timeout, for example.
0
Comment
Question by:shovavnik
  • 4
  • 2
7 Comments
 
LVL 33

Expert Comment

by:raterus
ID: 11892958
You can't redirect from session_end like you are hoping, this is a server side event called by the server and is not linked to any particular Request.  This page has some more info on this.

http://www.eggheadcafe.com/articles/20021016.asp
0
 
LVL 17

Expert Comment

by:AerosSaga
ID: 11893065
You could always perform some action to let you know based on EndRequest.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemWebHttpApplicationClassEndRequestTopic.asp

Regards,

Aeros
0
 
LVL 8

Author Comment

by:shovavnik
ID: 11893311
raterus,

Your article is enlightening, but I think I didn't state my question properly.

Basically, I don't need to respond to the Session_End event, which won't fire anyway, as we use webfarms.

What I want to be able to do is figure out, in Application_BeginRequest maybe (or wherever I can capture the state), is whether the Session Timeout has passed.

My code already guarantees that the user must be logged in, and if the user is not logged in, the page is redirected.  This is done in the OnInit of a base page from which all the application pages inherit.

The ideal solution would be along the following lines (merged with existing code).  Note that this is in OnInit and occurs before InitializeComponent.

protected virtual void EnsureLogin()
{
  // ----- this line doesn't exist yet ----- //
  if( ***TheSessionHasTimedOutBeforeThisRequest*** ) Response.Redirect( "timedoutpage.aspx" );
  // ----- end of non-existent code ----- //
  else if( !AppUser.IsLoggedIn ) Response.Redirect( "pleaseloginpage.aspx" );
}


The question is, how can I implement the TheSessionHasTimedOutBeforeThisRequest thingy?  Is it possible?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 8

Author Comment

by:shovavnik
ID: 11893332
Aeros,

I can't use EndRequest in this case, because I need to kick the user out before the request is completed and not after.

But in any case, what action could I perform to let me know?  I can safely say that I understand the event flow and know where I need to put the code that checks for the session end reason.  I just don't know what that code should be.
0
 
LVL 33

Accepted Solution

by:
raterus earned 500 total points
ID: 11894735
Have you looked at the IsNewSession property of the HttpSessionState Class?  It would seem that if when they logged in you persisted a value (not in the session of course), which would instuct your pages to check "IsNewSession" on each request now, and if it is ever true, you will know that the session was ended sometime after the last request.

Just guessing here.. :-)
--Michael

0
 
LVL 8

Author Comment

by:shovavnik
ID: 11895145
raterus,

I'll check this tomorrow at work.

In the meantime, we're considering (my colleagues and I) using a cookie.  The idea is to set a dummy cookie value when the user logs in and clear it when the user logs out.

If the user tries to access a page that requires login and the cookie is present, then if the session has ended I can know that it ended because of a timeout.

If on the other hand, the user tries to access a page that requires login but the cookie is not present, then I know the user needs to be redirected to the login page.

It's possible that your method and this method can work together.  I'll have to evaluate my options tomorrow.

I'll let you know.
0
 
LVL 8

Author Comment

by:shovavnik
ID: 11903140
raterus,

Your suggestion for IsNewSession doesn't help, because I already know if this is a new session.

However, your suggestion to persist a value is essentially what we ended up doing by persisting the cookie.

So, thanks for your help.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Set cookies HttpOnly and Secure 4 112
Achieve json result 2 65
Host asp.net pages 5 25
Angular JS Route 3 52
In an ASP.NET application, I faced some technical problems. In this article, I list them out and show the solutions that I found.  I hope it will be useful. Problem: After closing a pop-up window, the parent page should be refreshed automaticall…
Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now