session expiring and giving error page
https://stackoverflow.com/questions/1801730
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
My application is throwing an error when the session expires.
I dont want the sessions to expire automatically....
but if there is no way to do that then instead of showing the error it should be redirected to the login page...
I tried to do this....
Response.AppendHeader("Refresh", Convert.ToString((Session.Timeout * 60) + 10) + "; URL=Login.aspx");
this code not working when session expires.. i get an error message
Response is not available in this context.
the web config has this
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name="Cookie" timeout="10080" path="/">
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
Is there anything else i need to add in the web config...
any suggestions... thanks
this is my page load
protected void Page_Load(object sender, EventArgs e)
{
Response.AppendHeader("Refresh", Convert.ToString((Session.Timeout * 60) + 10) + "; URL=Login.aspx");
string userName = Session["userName"].ToString();
string password = Session["password"].ToString();
string domain = Session["domain"].ToString();
impersonateValidUser(userName, domain, password);
}
Solution
I have solved this in my master page's Page_Load.
Each time the Page_Load fires it checks to see that a specific Session value exists (which should be there if a user is signed in properly). If not I redirect to the sign in page.
Eg:
// Assuming your using master pages (if not you could have this in a base page that all
// your pages inherit from.
protected void Page_Load(object sender, EventArgs e)
{
if (Session["SomeKey"] == null)
{
// Session has expired or person has not signed in so redirect.
FormsAuthentication.SignOut();
Session.Abandon();
Response.Redirect("signin.aspx", true);
}
// If all is good continue and do whatever you normally do.
}
In your example the session variables might not exist due to the session expiring so your getting null back from all your fetched session keys. You should be validating that they are not null and if so reacting appropriately to the values being null.
OTHER TIPS
I'm not sure where your problem lies, but as an alternative consider using a javascript solution client side to prompt the user to renew their session prior to expiration. If the user fails to affirmatively agree to session renewal, then redirect to the Logout page to terminate the session without simply letting it expire. Typically your Logout page will redirect back to the Login page so the user, when they return to their computer, will be prompted to Login. If the user does click the OK (I want to renew my session) button in your renewal dialog, then use a request to a Keepalive page, as @Come suggests, though I would do it with AJAX instead of an iframe.
You can look at some sample code that does this in an ASP.NET MVC context on my blog.
What you could do is to add a invisible iframe to your page:
<iframe src="keepalive.aspx" style="width:0px;height:0px"></iframe>
And keepalive.aspx contains the following:
<%@ Page Language="C#" Inherits="Keepalive" EnableSessionState="True"%>
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" >
<html>
<head>
<META http-equiv="refresh" content="60"/>
</head>
<body></body>
</html>
Every 60 seconds keepalive.aspx refreshes itself causing the session to stay alive. You can set the timeout of the session to for instance 2 minutes. This way the session will be cleaned up very soon after the user has left your page.
It's a bad idea to have pernament sessions on you site but you can acomplish this by giving large values for session time out in web.config
<sessionState timeout="6000"/>
