Check session if doesn't exists redirect to login page

Question

User-614943948 posted

I have an ASP.NET Application, where I have a master page and I have derived various pages from it, including the login page. In the master page, i want to put a condition, where if the session doesn't exists, it should redirect to the login page. 

1) How can i achieve this?
2) Where should i put this check? In the page load with PostBack conditional condition or in OnInit?

Answer 1

User1526051739 posted

1) You can achieve using check session value in if conditon.

2). Put session check code on   load method of master page  if session is expire than it redirect to login.

  if (Session["LoggedUserName"] == null)
    {
        Response.Redirect("login.aspx");
    } 

Answer 2

User475983607 posted

I have an ASP.NET Application, where I have a master page and I have derived various pages from it, including the login page. In the master page, i want to put a condition, where if the session doesn't exists, it should redirect to the login page. 

1) How can i achieve this?
2) Where should i put this check? In the page load with PostBack conditional condition or in OnInit?

I recommend that you use standard cookie/forms authentication rather than Session.

You can learn about ASP.NET security in the Security docs available from this site.

https://www.asp.net/web-forms/overview/security

Answer 3

User-1171043462 posted

Refer

Validate Session set after login and redirect user back to login page if it is NULL in ASP.Net

Answer 4

User-943250815 posted

Considering, use of membership or identity and forms authentication you can on put on masterpage.load

Dim xSessionID As String = System.Web.HttpContext.Current.Session.SessionID
Dim xContext = System.Web.HttpContext.Current
Dim xUser = Membership.GetUser
If xContext.Request.IsAuthenticated AndAlso Not xContext.Cache(xUser.ProviderUserKey.ToString) = xSessionID Then
Response.Redirect("~/Login.aspx") 'Redirect to login page
End If

Answer 5

User-893317190 posted

Hi maverick786us,

If you want to check the session of the pages with the same master page except the login page , you could define a property in your master page and set the value to true in your login page to tell the master page not to check the Session.

Below is my code.

 // define a variable to know whether to check the session
        public bool Flag { get; set; }
        protected void Page_Load(object sender, EventArgs e)
        {


            if (!Flag && Session["Session"] == null)
            {
                Response.Redirect("~/Login.aspx");
            }


        }

The code in login.aspx.

 protected void Page_Init(object sender, EventArgs e)
        {
            // convert the master page to the real type of your master page to set the 
            // customized property
           Site1 mas = Master as Site1;
            mas.Flag = true;
           
        }

After doing that you  the user will not be redirected in login.aspx and you could finish the login logic of your project.

There is another way .You could create a normal class (not aspx.cs just a cs file) , let the class inherit from System.Web.UI.Page. 

Then you could write your redirect logic in the class's Page_Init event  and let pages which you want to  redirect inherit from the class (except the login.aspx).

Below is the class.

public class BasePage : System.Web.UI.Page
    {
        protected void Page_Init(object sender, EventArgs e)
        {
            if (Session["Session"] == null)
            {
                Response.Redirect("~/Login.aspx");
            }
        }
    }

And a sample  of pages where should check the session.

 public partial class WebForm2 : BasePage
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }
    }

Best regards,

Ackerly Xu


 

Answer 6

User-614943948 posted

Thanks for the help guys

@Ackerly I used this condition in my master page. 

if ((currentPage != "Login.aspx") && (currentPage != "UserRegistration.aspx"))
            {
                if (HttpContext.Current.Session["UserName"] == null)
                    Response.Redirect("Login.aspx");
            }

But even when I go to login page it goes into this code block. Any idea why?

Answer 7

User-1740043572 posted

protected void Page_Load(object sender, EventArgs e)
        {

            if (Session["Staff_Code"] == null || Session["Staff_Code"].ToString() == string.Empty)
               {
                Response.Redirect("../forms/fm_login.aspx", true);
                }
        }

Answer 8

User-893317190 posted

Hi maverick786us,

I don't know other details of your code.But from the code you post , I find you use 

(currentPage != "Login.aspx") && (currentPage != "UserRegistration.aspx")

This couldn't be true , because currentPage couldn't not be Login.aspx and UserRegistration.aspx at the same time.

Please use 

(currentPage != "Login.aspx") || (currentPage != "UserRegistration.aspx")

to see if this solve your problem.

Best regards,

Ackerly Xu