[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1056
  • Last Modified:

Session_End Event

hi,

is there a way to handle the Session_End event in global.asax such that i redirect to a session notification page?  i tried to do a redirect but didn't work.
0
mmingfeilam
Asked:
mmingfeilam
  • 9
  • 5
  • 3
  • +1
3 Solutions
 
BTosonCommented:
Session_End occurs internally and not within a HTTP context.
One way would be checking the session on Application_EndRequest.
0
 
mmingfeilamAuthor Commented:
so here is what i am going to do:
1) on Page_Load of default.aspx, create a Session["Timeout"] variable
2) on Application_EndRequest, check to see if this session variable is null, if so i will redirect to a session expired notification page.

what do you think?
0
 
BTosonCommented:
Do you want to automatically redirect someone to a certain page when their session expires?
If so you will need to do that either using client side JavaScript or Application_AcquireRequestState.
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
mmingfeilamAuthor Commented:
actually i got this HttpException when i tried to check for Session["Timeout"] in Application_EndRequest():

Session state is not available in this context.
0
 
BTosonCommented:
Ah my bad, forgot about that!
As I said, if you wish to redirect someone to a pge, eg a login page when their session expires, you will have to do it either using JavaScript or check the SessionState on AquireRequestState.
0
 
Anurag ThakurCommented:
if you just want to implement the logic for session expired or not the best place to implement will be on the page load event on each page
just check for any variable in your session object

example when a user logs in you either add the user name or the user id in the session object like Session["UserName"] = userName;

on every page load just check
if (Session["UserName"] != null)
   // logic for session still available
else
   // redirect to session expired page

Ragi
0
 
BTosonCommented:
The following sample in a Global.asax will work across your application excluding Login.aspx for obvious reasons!
Protected Sub Application_AcquireRequestState(ByVal sender As Object, ByVal e As System.EventArgs)
	If Not Request.FilePath.Contains("Login.aspx") AndAlso Session Is Nothing Or Session.IsNewSession Then Server.Transfer("Login.aspx")
End Sub

Open in new window

0
 
BTosonCommented:
Apologies, had my VB hat on!  This will also check that Timeout is not null.  You can make it check the actual time if you wished.
protected void Application_AcquireRequestState(object sender, EventArgs e)
{
	 if (Request.Url.AbsolutePath != "/Login.aspx" && (Session != null || Session.IsNewSession || Session["Timeout"] == null)) Server.Transfer("Login.aspx");
}

Open in new window

0
 
Gyanendra SinghArchitectCommented:
0
 
mmingfeilamAuthor Commented:
BondinASP, i think your method will work, but it's too tedious because you have to put this mechanism in every page in the website.  if there is a method that allows me to check only once per request for session expiration globally, like in global.asax, that would be better.  i am not sure if that's possible, but ideally that's the solution i am looking for.
0
 
BTosonCommented:
See my code above, that should give you the general idea...
0
 
mmingfeilamAuthor Commented:
BToson,

where do you initilize Session["Timeout"]?  if i do it in Page_Load, it takes place after Application_AcquireRequestState, and the redirect always takes place.  i tried to put it in Session_Start, unfortunately, that gets called when a session ends and you put in a new request, so Session["Timeout"] always exists.
0
 
BTosonCommented:
Well why not just set the SessionState timeout in the web.config instead?
0
 
Anurag ThakurCommented:
the comment from bondinAsp is nearly similar to mine ID:22914925
i think if you check for the session is exisitng or not at page load then it will be error proof (that is the only way i am implemented my session timeout and it works perfectly)
0
 
Gyanendra SinghArchitectCommented:
hmm than better create one base class and inherit all your codebehind pages to same class ... check this artical .. this will help you

http://aspalliance.com/520_Detecting_ASPNET_Session_Timeouts.all
0
 
mmingfeilamAuthor Commented:
what about using a master page as opposed to inheriting from a base class?
0
 
BTosonCommented:
Best place to put it is in your Global file or a HTTP module.  You could place it in a master page if you wished but it's better in a more global context!
0
 
Gyanendra SinghArchitectCommented:
>> what about using a master page as opposed to inheriting from a base class?

call the same on master page code behind file .. thats it
0
 
Anurag ThakurCommented:
the page load for content page is called before the page load for master is called
so i doubt that you can do it in the master page.

the best way to do a check for session is in the page load of a web page
0
 
BTosonCommented:
Hooking on to Application.AcquireRequestState allows you to access the session state as soon as it has created.  You can then check the relevant Request/Session variables against what you require.
It is the best place to put your session code and relevant redirects as it will execute prior to the page.

Page.Load is relatviely late in the page's life cycle to check for the session as there is a necessity for some code to be placed in Page.PreInit/Page.Init.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 9
  • 5
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now