This is example of Detecting Session Timeout and Redirect to Login Page in ASP.NET, session timeout occurs when user is idle for the time specified as in web.config file.
For this i've set time out value in web.config to 1 minute.
1st Method
I've created three pages in this example , one is login page , when session expires , i redirect to this page , one is navigation page where i'll check if session is valid or not , if it is valid than only user will see this page other wise he gets redirected to login page.
Add Global.asax class file in root of your application or website.
This method works only if Global.asax is present in application.
Write below mentioned code in Page_Init event of the page where we want to check for session timeout.
we can also put this code in in a class and inherit all pages of application from this class acting as base class for all pages to check for session timeout.
C# CODE
VB.NET
And the code behind for this page is like
On the page where we want to check the session has timed out or not, we need to check it in the Page_Init event of the page , if session is not null than user will be able to go to the page other wise he will be redirected to login page.
And the Code behind for this page is
If we need to check this in all the pages of application than we can create a BaseClass and write the above mentioned code of CheckSession and Page_Init part and drive all ur pages from this class by typing BaseClassName in place of System.Web.UI.Page and it will check all pages for session timeout every time page is loaded
For this i've set time out value in web.config to 1 minute.
1st Method
In web.config file, set the sessionstate mode to inproc and authentication mode to Forms
<system.web> <compilation debug="true"/> <authentication mode="Forms"/> <sessionState mode="InProc" cookieless="false" timeout="1"> </sessionState> </system.web>
I've created three pages in this example , one is login page , when session expires , i redirect to this page , one is navigation page where i'll check if session is valid or not , if it is valid than only user will see this page other wise he gets redirected to login page.
Add Global.asax class file in root of your application or website.
This method works only if Global.asax is present in application.
Write below mentioned code in Page_Init event of the page where we want to check for session timeout.
we can also put this code in in a class and inherit all pages of application from this class acting as base class for all pages to check for session timeout.
C# CODE
protected void Page_Init(object sender, EventArgs e) { if (Context.Session != null) { if (Session.IsNewSession) { HttpCookie newSessionIdCookie = Request.Cookies["ASP.NET_SessionId"]; if (newSessionIdCookie != null) { string newSessionIdCookieValue = newSessionIdCookie.Value; if (newSessionIdCookieValue != string.Empty) { // This means Session was timed Out and New Session was started Response.Redirect("Login.aspx"); } } } } }
VB.NET
Protected Sub Page_Init(sender As Object, e As EventArgs) If Context.Session IsNot Nothing Then If Session.IsNewSession Then Dim newSessionIdCookie As HttpCookie = Request.Cookies("ASP.NET_SessionId") If newSessionIdCookie IsNot Nothing Then Dim newSessionIdCookieValue As String = newSessionIdCookie.Value If newSessionIdCookieValue <> String.Empty Then ' This means Session was timed Out and New Session was started Response.Redirect("Login.aspx") End If End If End If End If End Sub
2nd Method.
Code for Default.aspx
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head runat="server"> <title>Untitled Page</title> </head> <body> <form id="form1" runat="server"> <div> <asp:Button ID="btnSessionStart" runat="server" OnClick="btnSessionStart_Click" Text="Start Session" /><br /> <br /> <br /> <asp:Button ID="btnCheck" runat="server" OnClick="btnCheck_Click" Text="Check Session ID" /> <br /> <asp:TextBox ID="txtSession" runat="server" Width="266px"> </asp:TextBox><br /> <br /> <asp:Button ID="btnGO" runat="server" OnClick="btnGO_Click" Text="Go to Other Page" /> <br /> <br /> </div> </form> </body> </html>
And the code behind for this page is like
protected void btnSessionStart_Click (object sender, EventArgs e) { Guid Session_id = Guid.NewGuid(); Session["SessionID"] = Session_id.ToString(); } protected void btnCheck_Click (object sender, EventArgs e) { if (Session["SessionID"] != null) txtSession.Text = Session["SessionID"].ToString(); else txtSession.Text = "Session has expired"; } protected void btnGO_Click (object sender, EventArgs e) { Response.Redirect("Default2.aspx"); }
On the page where we want to check the session has timed out or not, we need to check it in the Page_Init event of the page , if session is not null than user will be able to go to the page other wise he will be redirected to login page.
In this page I've just put a button to go to home page
<html xmlns="http://www.w3.org/1999/xhtml" > <head runat="server"> <title>Untitled Page</title> </head> <body> <form id="form1" runat="server"> <div> <asp:Button ID="btnHome" runat="server" OnClick="btnHome_Click" Text="Home" /></div> </form> </body> </html>
And the Code behind for this page is
protected void Page_Init(object sender, EventArgs e) { CheckSession(); } protected void btnHome_Click(object sender, EventArgs e) { Response.Redirect("Default.aspx"); } private void CheckSession() { if (Session["SessionID"] == null) { Response.Redirect("Login.aspx"); } }
If we need to check this in all the pages of application than we can create a BaseClass and write the above mentioned code of CheckSession and Page_Init part and drive all ur pages from this class by typing BaseClassName in place of System.Web.UI.Page and it will check all pages for session timeout every time page is loaded
If you like this post than join us or share
16 comments:
Nice article.But hope u know about forms authentication,where asp.net will automatically redirect to login page,if login url is specified.There is no need for checking session like this in all pages.Thanks
Amit,
Forms Authentication just avoids this kind of checkin session inevery page. Also the Session State creating, removing is taken care automatically and you dont need to explicitly create. This technique is ASP Day technique.
Thanks,
Harish
http://geekswithblogs.net/ranganh
u can write your own httm module, that cheking if session expired, and if that happened you allow redirect to login page
Yeah I probably wouldnt do it like that!!! As mentioned, use what built in, rather than dodgy session checking. You are wasting server memory!
Forms authentication and Session are completely unrelated, and have very different purposes. Therefore, a method to detect a Session timeout is still very useful. I would do it in an HttpModule or in Global.asax though.
Wouldn't it be better to use a base page class and build this method on your base page class...
In My opinion best place to check for session timeout would be the Global.asax file in the AcquireRequestState event.That removes the dependency on checking for every page.
I have a related article but that uses the new Session.IsNewSession instead of checking a certain session object.
Good article. However, it would be nice if you could write an article on how to tell the user that the page is going to expire in 2minutes or so as a popup. This happens without a postback on an idle page. eg. HSBC online banking website.
Nishanth Nair,
I have tried this in master page.
#region Session alert handling
bool implementSessionAlert = false;
try
{
implementSessionAlert = Convert.ToBoolean(ConfigurationManager.AppSettings["ImplementSessionAlert"]);
}
catch
{ /*do nothing */ }
if (implementSessionAlert)
{
Session[SessionKeys.UserSession] = DateTime.Now;
object objSection = ConfigurationManager.GetSection("system.web/sessionState");
// Get the section related object.
System.Web.Configuration.SessionStateSection sessionStateSection =
(System.Web.Configuration.SessionStateSection)objSection;
bool addAlert = true;
int minutesBeforePrefernce = 4;
try
{
minutesBeforePrefernce = Convert.ToInt32(ConfigurationManager.AppSettings["MinutesBeforePrefernce"]);
if (minutesBeforePrefernce >= sessionStateSection.Timeout.Minutes)
{
// TODO: log
addAlert = false;
}
}
catch
{ /*do nothing */ }
if (addAlert)
{
DateTime sessionStartTime = Common.GetSafeDateTimeFromSession(SessionKeys.UserSession);
DateTime alertAfterTime = sessionStartTime.AddMinutes(sessionStateSection.Timeout.Minutes - minutesBeforePrefernce);
TimeSpan alertAfter = alertAfterTime.Subtract(sessionStartTime);
string openBrace = "{";
string closBrace = "}";
string newLine = "\\\\r\\\\n\\\\r\\\\n";
string tab = "\\\\r";
string jscript =
string.Format("var timeOutId; timeOutId = setTimeout(\" var confirmResult = confirm('Session will end at {2} in {0} minutes. {5}{6}OK - to go to the landing page and start a new Session. {5}{6}Cancel - to stay on the current page. Canceling and interaction after session ends might cause unexpected results.'); if(confirmResult) {3} self.location = '.'; {4} /*else {3} alert(new Date().toLocaleTimeString()); {4}*/\", {1});",
minutesBeforePrefernce, alertAfter.TotalMilliseconds, sessionStartTime.AddMinutes(sessionStateSection.Timeout.Minutes).ToLongTimeString(), openBrace, closBrace, newLine, tab);
Page.ClientScript.RegisterStartupScript(
typeof(string),
"SessionTimeOutAlert",
jscript,
true);
}
}
#endregion
basically only these lines two matter.
string jscript =
string.Format("var timeOutId; timeOutId = setTimeout(\" var confirmResult = confirm('Session will end at {2} in {0} minutes. {5}{6}OK - to go to the landing page and start a new Session. {5}{6}Cancel - to stay on the current page. Canceling and interaction after session ends might cause unexpected results.'); if(confirmResult) {3} self.location = '.'; {4} /*else {3} alert(new Date().toLocaleTimeString()); {4}*/\", {1});",
minutesBeforePrefernce, alertAfter.TotalMilliseconds, sessionStartTime.AddMinutes(sessionStateSection.Timeout.Minutes).ToLongTimeString(), openBrace, closBrace, newLine, tab);
Page.ClientScript.RegisterStartupScript(
typeof(string),
"SessionTimeOutAlert",
jscript,
true);
This comment has been removed by a blog administrator.
This comment has been removed by a blog administrator.
Hi. Just want to ask , if i dont't want to see those check session things, jus want to make sure after login, it will session timeout after like 5-10 mins like that. Possible ?
how can i make itself but each minute check if is or not opened.
Post a Comment