Help with setting session and session expiration RRS feed

  • Question

  • User940326050 posted

    Hi everybody,

       This is my first post on this board.  I am faily new to ASP.NET.  I have been trying to learn atleast one new thing each day but at times it feels overwhelming.  So I have a basic ASP.NET 4.0 website just using web forms(no MVC).  This is a crappy little app that was handed down to me, and I cannot change a lot of the infrastructure just yet.  The first thing I noticed that was wrong with this thing is that the session was not being dealt with properly.  I have researched a lot on this on the web and have read a lot of articles but need your help.  So now for my questions:

    1.)  I am trying to set session for the whole app so that all pages expire after 15minutes.  So I am setting the sessionState attribute in the web.config file.  Like this(see below).  Am I doing this correctly?  Is this the proper way to do this?


    <sessionState mode="InProc" timeout="15"/>


    2.)  Once session expires, I want to redirect the user to a webform in my project just telling them that the session has expired and to start again(when the user interacts with the page, not automatically).  There is no authentication in this app.  Any user can just get to the page and enter info.  I have read a lot of articles on this and added code to the OnInit() event of each page to check if the session is expired.  If it is, the user is redirected to the error page.  If not, nothing happens.  So I have something similiar to the following code in each page:

    // Start - In the OnInit() event handler for each page
    if (CheckForSessionTimeout())
      // Go to my error page
    // End
    public bool CheckForSessionTimeout()
      if (Context.Session != null && Context.Session.IsNewSession)
        string cookieHeader = Page.Request.Headers["Cookie"];
        if ((null != cookieHeader) && (cookieHeader.IndexOf("ASP.NET_SessionId") >= 0))
         return true;
         return false;
        return false;

    I tried this code along with my webconfig setting on my machine in Visual Studio and it does not work.  Even after the timeout, the user is not redirected to the error page.

    Any ideas why this is not working?  Thanks!


    Monday, December 17, 2012 11:51 PM


All replies

  • Tuesday, December 18, 2012 1:44 AM
  • User940326050 posted

    Thanks for the reply.  I went through the article you linked to and read more on this topic but I am still having problems.  Apprently there are different ways to accomplish this.  I decided to try this another way instead of the way I first posted.  The way I am trying now, which is simplier.  Here is what I am doing:

    1.)  Commented out all my code in the code behind

    2.)  Set the time out to 1 minute

    3.)  Created and add a Global.asax file to my project.

    4.)  In the session_start method of Global.asax, I added the following code:

    Session["CustomSessionId"] = Guid.NewGuid();

    5.)  Then in the code behind of my pages I added the following code in the page_load event handler:

    If (Session["CustomSessionId"] == null)
       // Session is expired

    I saved all my changes, built sucessfully and run it on my machine from Visual Studio and it still doesn't work.  The CustomSessionId is never null no matter how long I wait.   Why doesn't this work?  Can you not test this by running it through Visual Studio?  HELP!

    Wednesday, December 19, 2012 1:28 PM
  • User260886948 posted

    Hi The Fire Snake,

    The following article gives some reasons about why the session time out not working, so you can just try to check it:

    http://www.codeproject.com/Articles/113287/Why-Session-Timeout-is-not-working-for-your-websit .

    Best Regards,
    Amy Peng 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, December 23, 2012 9:46 PM