Detecting Session Timeout and Redirect to Login Page in ASP.NET
In this example i'll explain how to detect session timeout and redirect to login page, session timeout occurs when user is idle for the time specified as Session timeout in web.config file using C# And VB.NET.
For this Example i've set time out value in web.config file to 1 minute.
I've created three pages in this example , one is login page , when session expires , i redirect to this page , one is navigation page where i'll check if session is valid or not , if it is valid than only user will see this page other wise he gets redirected to login page.
Add Global.asax class file in root of your application or website.
This method works only if Global.asax is present in application.
Write below mentioned code in Page_Init event of the page where we want to check for session timeout.
we can also put this code in in a class and inherit all pages of application from this class acting as base class for all pages to check for session timeout.
And the code behind for this page is like
On the page where we want to check the session has timed out or not, we need to check it in the Page_Init event of the page , if session is not null than user will be able to go to the page other wise he will be redirected to login page.
And the Code behind for this page is
If we need to check this in all the pages of application than we can create a BaseClass and write the above mentioned code of CheckSession and Page_Init part and drive all ur pages from this class by typing BaseClassName in place of System.Web.UI.Page and it will check all pages for session timeout every time page is loaded
In this example i'll explain how to detect session timeout and redirect to login page, session timeout occurs when user is idle for the time specified as Session timeout in web.config file using C# And VB.NET.
For this Example i've set time out value in web.config file to 1 minute.
1st Method
In web.config file, set the sessionstate mode to inproc and authentication mode to Forms
<system.web> <compilation debug="true"/> <authentication mode="Forms"/> <sessionState mode="InProc" cookieless="false" timeout="1"> </sessionState> </system.web>
I've created three pages in this example , one is login page , when session expires , i redirect to this page , one is navigation page where i'll check if session is valid or not , if it is valid than only user will see this page other wise he gets redirected to login page.
Add Global.asax class file in root of your application or website.
This method works only if Global.asax is present in application.
Write below mentioned code in Page_Init event of the page where we want to check for session timeout.
we can also put this code in in a class and inherit all pages of application from this class acting as base class for all pages to check for session timeout.
C# CODE
protected
void
Page_Init(
object
sender, EventArgs e)
{
if
(Context.Session !=
null
)
{
if
(Session.IsNewSession)
HttpCookie newSessionIdCookie = Request.Cookies[
"ASP.NET_SessionId"
];
if
(newSessionIdCookie !=
null
)
{
string
newSessionIdCookieValue = newSessionIdCookie.Value;
if
(newSessionIdCookieValue !=
string
.Empty)
{
// This means Session was timed Out and New Session was started
Response.Redirect(
"Login.aspx"
);
}
}
}
}
}
VB.NET CODE
Protected
Sub
Page_Init(sender
As
Object
, e
As
EventArgs)
If
Context.Session IsNot
Nothing
Then
If
Session.IsNewSession
Then
Dim
newSessionIdCookie
As
HttpCookie = Request.Cookies(
"ASP.NET_SessionId"
)
If
newSessionIdCookie IsNot
Nothing
Then
Dim
newSessionIdCookieValue
As
String
= newSessionIdCookie.Value
If
newSessionIdCookieValue <>
String
.Empty
Then
' This means Session was timed Out and New Session was started
Response.Redirect(
"Login.aspx"
)
End
If
End
If
End
If
End
If
End
Sub
2nd Method.
Code for Default.aspx
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head runat="server"> <title>Untitled Page</title> </head> <body> <form id="form1" runat="server"> <div> <asp:Button ID="btnSessionStart" runat="server" OnClick="btnSessionStart_Click" Text="Start Session" /><br /> <br /> <br /> <asp:Button ID="btnCheck" runat="server" OnClick="btnCheck_Click" Text="Check Session ID" /> <br /> <asp:TextBox ID="txtSession" runat="server" Width="266px"> </asp:TextBox><br /> <br /> <asp:Button ID="btnGO" runat="server" OnClick="btnGO_Click" Text="Go to Other Page" /> <br /> <br /> </div> </form> </body> </html>
And the code behind for this page is like
protected void btnSessionStart_Click (object sender, EventArgs e) { Guid Session_id = Guid.NewGuid(); Session["SessionID"] = Session_id.ToString(); } protected void btnCheck_Click (object sender, EventArgs e) { if (Session["SessionID"] != null) txtSession.Text = Session["SessionID"].ToString(); else txtSession.Text = "Session has expired"; } protected void btnGO_Click (object sender, EventArgs e) { Response.Redirect("Default2.aspx"); }
On the page where we want to check the session has timed out or not, we need to check it in the Page_Init event of the page , if session is not null than user will be able to go to the page other wise he will be redirected to login page.
In this page I've just put a button to go to home page
<html xmlns="http://www.w3.org/1999/xhtml" > <head runat="server"> <title>Untitled Page</title> </head> <body> <form id="form1" runat="server"> <div> <asp:Button ID="btnHome" runat="server" OnClick="btnHome_Click" Text="Home" /></div> </form> </body> </html>
And the Code behind for this page is
protected void Page_Init(object sender, EventArgs e) { CheckSession(); } protected void btnHome_Click(object sender, EventArgs e) { Response.Redirect("Default.aspx"); } private void CheckSession() { if (Session["SessionID"] == null) { Response.Redirect("Login.aspx"); } }
If we need to check this in all the pages of application than we can create a BaseClass and write the above mentioned code of CheckSession and Page_Init part and drive all ur pages from this class by typing BaseClassName in place of System.Web.UI.Page and it will check all pages for session timeout every time page is loaded
No comments:
Post a Comment