Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Get Session to expire gracefully in ASP.NET

Tags:

redirect

asp.net

session

I need a way to tell ASP.NET "Kill the current session and start over with a brand new one" before/after a redirect to a page.

Here's what I'm trying to do:

1) Detect when a session is expired in the master page (or Global.asax) of an ASP.NET application.

2) If the session is expired, redirect the user to a page telling them that their session is expired. On this page, it will wait 5 seconds and then redirect the user to the main page of the application, or alternatively they can click a link to get there sooner if they wish.

3) User arrives at main page and begins to use the application again.

Ok, so far I have steps 1 and 2 covered. I have a function that detects session expiry by using the IsNewSession property and the ASP.NET Session ID cookie value. if it detects an expired session it redirects, waits five seconds and then TRIES to go to the main page.

The problem is that when it tries to redirect, it gets to the part in the master page to detect an expired session and it returns true. I've tried calling Session.Abandon(), Session.Clear(), even setting the session to NULL, with no luck.

Someone out there has had to have faced this problem before, so I'm confident in the community to have a good solution. Thanks in advance.

like image 427
Robert Iver Avatar asked Feb 03 '09 22:02

Robert Iver

2 Answers

The problem you are describing happens because asp.net is reusing the sessionid, if the sessionid still exists in the auth cookie when you call abandon() it will just reuse it, you need to explicitly create a new sessionid afaik something like:

 HttpCookie mycookie = new HttpCookie("ASP.NET_SessionId");
    mycookie.Expires = DateTime.Now.AddDays(-1);
    Response.Cookies.Add(mycookie);
like image 123
Element Avatar answered Oct 15 '22 16:10

Element

For ASP.NET MVC this is what I'm doing with an action method.

Note:

  • Returns a simple view with no other resources that might accidentally re-create a session

  • I return the current time and session id so you can verify the action completed succcessfully

    public ActionResult ExpireSession()
{
    string sessionId = Session.SessionID;
    Session.Abandon();
    return new ContentResult()
    {
        Content = "Session '" + sessionId + "' abandoned at " + DateTime.Now
    };
}
like image 45
Simon_Weaver Avatar answered Oct 15 '22 15:10

Simon_Weaver
Sign in to Comment

Related questions

Why does Logout in ASP.NET Identity use POST instead of GET? [duplicate]
ASP.NET Web API custom IHttpControllerSelector for a single route
Add Authentication to ASP.NET WebApi 2.2
How is the OWIN OAuth 2 token actually created?
Asp.NET Web API Displaying all controller's routes
Building a SignalR / Knockout dashboard with guaranteed messaging
CheckBoxList ListItem Count always 0 after adding data dynamically
How does an application pool recycle affect ASP Net Session State?
ASP.NET Core RC2 Configure Custom AppSettings
Why run ASP.NET Core on .NET Core over .NET on Windows Server
How to Get Custom Property Value of the ApplicationUser in the ASP.Net MVC 5 View?
Delete Windows user created by IIS ApplicationPoolIdentity?
Accessing a cookie value in an ASP.NET Core MVC Razor view
DotNet Pack Not Doing Anything
CORS in .NET Core 2.0 "No 'Access-Control-Allow-Origin' header is present on the requested resource."
Is This How to Create a Data Transfer Object (DTO) with Entity Framework Core & ASP.NET Core MVC 2.2+ and 3.0
What's the best way to deal with cache and the browser back button?
Is elegant, semantic CSS with ASP.Net still a pipe dream?
Drawing a Web Graph [closed]
When creating a web control should you override OnLoad or implement Page_Load

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!