Easy 500 - ASP.NET Closing Sessions

Posted on 2006-04-26
Last Modified: 2008-03-06
I'm was currently working on a secure adminstration area for a website. The user will login and their details are validated/authenicated by means of an access database. A session is created. What would be the best to stop people from directly accessing the secure pages behind the login.

What i'd like is to response.redirect the user back to the login.aspx if no valid session etc exists. Also when the browser is closed i'd like the session/authenication to end... very similiar to how the login part of experts exchange works.

Any help or advice appreciated!
Question by:Cloud9_User
    LVL 10

    Accepted Solution


    You should use role based authentication. see the following link


    Author Comment

    Just to add... i'm currently using the Application_beginRequest to check whether the user session is valid but have once logged the sessions never seem to end.

    LVL 24

    Assisted Solution

    by:DBAduck - Ben Miller
    When you use Forms authentication, then ASP.NET handles the redirects and protects the folder from access without logging in.

    Then you can couple that with role based authentication and allow multiple users in a role to get to the pages, or whatever your requirement is.

    LVL 5

    Assisted Solution

    I'd just put a yes/no field in the database, and call it Admin. When you validate a user, make sure to find out if they are an admin or not, and set Session["admin"]=true.

    Then in the onload event of the admin page, simply do:


    Author Comment

    Handling the session isn't too much of a problem, getting the session to close is though. i know it timeouts after a set period i.e 20 minutes by default but i'd like to have it closed when the browser closes.

    Does any know how the likes of experts exchange and googles gmail do it?
    LVL 5

    Expert Comment

    Have you tried:

    Or maybe even having an unload event that does something like (but it creates the problem of having to know what page someone is leaving the site from, not a very good solution):
    Session.Timeout=1;//timeouts must be greater than 0, so you won't be able to do that :P

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Join & Write a Comment

    This article discusses the ASP.NET AJAX ModalPopupExtender control. In this article we will show how to use the ModalPopupExtender control, how to display/show/call the ASP.NET AJAX ModalPopupExtender control from javascript, how to show/display/cal…
    International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now