asked on

Easy 500 - ASP.NET Closing Sessions

I'm was currently working on a secure adminstration area for a website. The user will login and their details are validated/authenicated by means of an access database. A session is created. What would be the best to stop people from directly accessing the secure pages behind the login.

What i'd like is to response.redirect the user back to the login.aspx if no valid session etc exists. Also when the browser is closed i'd like the session/authenication to end... very similiar to how the login part of experts exchange works.

Any help or advice appreciated!

ASKER CERTIFIED SOLUTION

SystemExpert

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Cloud9_User

ASKER

Just to add... i'm currently using the Application_beginRequest to check whether the user session is valid but have once logged the sessions never seem to end.

SOLUTION

DBAduck - Ben Miller

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

GENTP

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Cloud9_User

ASKER

Handling the session isn't too much of a problem, getting the session to close is though. i know it timeouts after a set period i.e 20 minutes by default but i'd like to have it closed when the browser closes.

Does any know how the likes of experts exchange and googles gmail do it?

GENTP

Have you tried:
Session.Abandon();

Or maybe even having an unload event that does something like (but it creates the problem of having to know what page someone is leaving the site from, not a very good solution):
Session.Timeout=1;//timeouts must be greater than 0, so you won't be able to do that :P