session variables timeout in asp.net app

Question

In my web app I'm using some session variables, which are set when I login:

e.g. Session("user_id") = reader("user_id")

I use this through my app.

When the session variable times out, this throws errors mainly when connecting to the database as session("user_id") is required for some queries.

How can I set my session variables so that once they are timed out to go to the login page or how can at least increase the length of time the are available?

Answer 1

I'm guessing you're using Forms Authentication. The trick here is to ensure that your Forms Authentication expires before the session does.

I wrote about this in this answer here:

How to redirect to LogIn page when Session is expired (ASP.NET 3.5 FormsAuthen)

For example:

Configure your Forms Authentication - this sets the timeout to 60 minutes:

<authentication mode="Forms">
    <forms defaultUrl="~/Default.aspx"
        loginUrl="~/Login.aspx"
        slidingExpiration="true"
        timeout="60" />
</authentication>

Extend Session expiry to a longer time:

<sessionState 
    mode="InProc" 
    cookieless="false" 
    timeout="70"/>

In your Login.aspx code behind you could also do a Session.Clear(); to remove stale session data before assigning session values.